On 2012-12-16 7:48 PM, ianG wrote:
Just to nitpick on this point, a CA certainly can claim that they or an agent did not sign a certificate. And, they can provide the evidence, and should have the ability to do this: CAs internally have logs as to what they did or did not sign, and this is part of their internal process.
Let us compare with the financial crisis. Banks had internal procedures and paperwork that supposedly showed that their loans were justified. After 2005 everyone knew the truth, though saying it out loud in plain words was and is politically incorrect.
Yet despite billion dollar lawsuits to extract that paperwork from the banks, we have only have very partial and incomplete information.
From which I conclude that if a CA misbehaved, and you had a high powered team of lawyers, and a few billion dollars, you might be able to get those logs.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
