On Thu, 24 Mar 2016, Peter Kurrasch wrote:

> 3) The claim that CT leads to better security is partially specious. My argument here is
> also one I've made before wherein having an audit trail such as CT typically only helps
> after the fact--only after a problem is discovered. We've even had posts in this forum of
> the variety of "I just noticed in the CT logs that such-and-such has done
> whatever". Clearly, the use of CT did not detect such problems so there is a period
> of time where users were less safe. This isn't to say that CT is of no value, rather that
> it's limited.

Note: I'm the IETF co-chair for the CT group (called "trans")

CT is in the early stages. We have logging now and we need to develop
more monitoring and auditing on top of that. The IETF is working on
a few items in this area, such as the gossip protocol:

https://tools.ietf.org/html/draft-ietf-trans-gossip-02

While CT is not meant to guarantee preventing attacks, it should in the
near future be able to shorten the useful lifespan of bogus certificates,
and perhaps more importantly guarantee anyone using bogus certificates
will be caught by the public. So a targeted attack has a hefty price.

Paul
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
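Editor's added example (not part of the thread or of any IETF draft): the auditing layer Paul says still needs to be built on top of logging. A monitor that holds a log's Signed Tree Head (root hash and tree size) can check that a certificate the log claims to have logged is really in the tree by verifying an inclusion proof as defined in RFC 6962 section 2.1.1; the leaves here are constructed placeholder byte strings, not real MerkleTreeLeaf encodings.

```python
# Added example, not from the thread: an auditor checking that a leaf is
# included in a CT log's Merkle tree (RFC 6962 section 2.1.1).
import hashlib

def hash_leaf(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()  # leaf: 0x00 || input
def hash_children(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # node: 0x01 || l || r

def split_point(n: int) -> int:
    k = 1  # largest power of two strictly less than n (n > 1)
    while k * 2 < n:
        k *= 2
    return k

def merkle_tree_hash(leaves: list) -> bytes:
    # MTH(D[n]); the log signs this root in its Signed Tree Head
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return hash_leaf(leaves[0])
    k = split_point(len(leaves))
    return hash_children(merkle_tree_hash(leaves[:k]), merkle_tree_hash(leaves[k:]))

def inclusion_path(m: int, leaves: list) -> list:
    # PATH(m, D[n]): the sibling hashes a log returns as an inclusion proof
    if len(leaves) == 1:
        return []
    k = split_point(len(leaves))
    if m < k:
        return inclusion_path(m, leaves[:k]) + [merkle_tree_hash(leaves[k:])]
    return inclusion_path(m - k, leaves[k:]) + [merkle_tree_hash(leaves[:k])]

def verify_inclusion(leaf: bytes, leaf_index: int, tree_size: int, path: list, root: bytes) -> bool:
    # Auditor side: rebuild the root; fn/sn track the leaf's position and the
    # last index at each level, which decides left vs. right sibling.
    if leaf_index >= tree_size:
        return False
    fn, sn, r = leaf_index, tree_size - 1, hash_leaf(leaf)
    for p in path:
        if sn == 0:
            return False  # proof is longer than the tree is deep
        if fn & 1 or fn == sn:
            r = hash_children(p, r)
            while fn and not fn & 1:  # collapse levels with no right sibling
                fn, sn = fn >> 1, sn >> 1
        else:
            r = hash_children(r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root
```

A proof that fails here means either the log handed out a certificate it never committed to, or the STH and the proof came from different tree views, which is exactly the kind of misbehaviour the gossip work is meant to surface.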
