ianG writes:

> 3.  the existence of a certificate in the log is acceptable proof of
> goodness for a browser.
> 
> Is that it, in minimalist form?
> 
> In analogous terms, is this like having the browser check EFF's
> repository for a second opinion?  Or, like OCSP but expanding the
> servers to cover all certs from all CAs, and test on the
> certificates not the serial numbers?

The browser still has to validate the certificate, so appearing
in the log doesn't directly prove that the certificate is valid.

The question that this system makes the browser answer before
accepting a cert is:

  Could the site operator know about the existence of this cert?

-- 
Seth Schoen  <[email protected]>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
