Ben Laurie wrote:
> http://www.links.org/?p=1226
>
> Quite a few people have said to me that Certificate Transparency (CT)
> sounds like a good idea, but they’d like to see a proper spec.
>
> Well, there’s been one of those for quite a while, you can find the
> latest version [...],
> or for your viewing convenience, I just made an HTML version
> <http://www.links.org/files/sunlight.html>.

May I ask a (maybe stupid) question?

"... audit proofs will be valid indefinitely ..."

Then what remains of the scheme reputation once Mallory managed to
inject a fraudulent certificate in whatever is being audited (it's
called a "log" but I understand it as a grow-only repository)?

Actually, my expectation would be to read an explanation of which
security services are being offered, and which kind and level of
assurance the CT server operating organization is expected to provide.

What is the problem being addressed and to whom does the main benefit
accrue / from whom involvement is expected? Once I can see these, I may
appreciate Apache and browser backward compatibility features and the like.

Thanks for your patience with my scrutiny.

--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691