On 01/08/13 22:04, Nico Williams wrote:
If you're in a position to know what CAs are allowed to issue certs
for a given name, then you can check for (audit) a) issuance of certs
for that name by unauthorized CAs, b) issuance of new certs by
authorized CAs but for unauthorized public keys.
who's in charge of auditing the certs? the CT people or each domain's admin?
will CT automatically alert (somehow) the admin when it detects a new
cert for a domain?
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
