On Tue, 18 Oct 2016 15:49:26 -0700
Gervase Markham <g...@mozilla.org> wrote:
> On 18/10/16 15:42, Ryan Hurst wrote:
> > I do not understand the desire to require StartCom / WoSign to not
> > utilize their own logs as part of the associated quorum policy.
>
> My original logic was that it could be seen that the log owner is
> trustworthy. However, you are right that CT does not require this.

This is true only as long as TLS clients are auditing logs for correct
operation by demanding inclusion proofs for SCTs (or alternatively,
gossiping them to someone who will). Otherwise, CT logs are just
another trusted third party and could easily claim a certificate is
logged when it really isn't. What are Mozilla's plans for implementing
inclusion proof checking or SCT gossip (not just SCT signature
validation) in Firefox?

That said, I think a much more important question is not whether
StartCom/WoSign can be trusted to operate a CT log, but whether they
can be trusted to operate a CA.

dev-security-policy mailing list