ianG writes:

> 3. the existence of a certificate in the log is acceptable proof of
> goodness for a browser.
>
> Is that it, in minimalist form?
>
> In analogous terms, is this like having the browser check EFF's
> repository for a second opinion? Or, like OCSP but expanding the
> servers to cover all certs from all CAs, and test on the
> certificates not the serial numbers?

The browser still has to validate the certificate, so appearing in the log doesn't directly prove that the certificate is valid. The question that this system makes the browser answer before accepting a cert is: Could the site operator know about the existence of this cert?

-- 
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
