On Tue, 18 Oct 2016 15:49:26 -0700 Gervase Markham <g...@mozilla.org> wrote:
> On 18/10/16 15:42, Ryan Hurst wrote:
> > I do not understand the desire to require StartCom / WoSign to not
> > utilize their own logs as part of the associated quorum policy.
>
> My original logic was that it could be seen that the log owner is
> trustworthy. However, you are right that CT does not require this.

This is true only as long as TLS clients are auditing logs for correct operation by demanding inclusion proofs for SCTs (or alternatively, gossiping them to someone who will). Otherwise, CT logs are just another trusted third party and could easily claim a certificate is logged when it really isn't.

What are Mozilla's plans for implementing inclusion proof checking or SCT gossip (not just SCT signature validation) in Firefox?

That said, I think a much more important question is not whether StartCom/WoSign can be trusted to operate a CT log, but whether they can be trusted to operate a CA.

Regards,
Andrew