On 03/25/2014 08:24 PM, Joseph Bonneau wrote: > *The service runs a Certificate Transparency-style log for every > certificate it issues and a similar transparency log for revocation > (Revocation Transparency or Mark Ryan's Enhanced Certificate > Transparency). Users query these structures to get proof that the certs > they are using are genuine and not revoked. > *Outside auditors scan the log for correctness and provide a web > interface to check which certs were issued for your username and when.
It seems like you're trading a user's ability to deal with a key-conflict in band with a user's ability to audit a key-conflict at some periodic interval. My concern would be that users are even less equipped to deal with an audit than a warning prompt, and that this could result in a service that is simultaneously capable of MITMing users undetectably while also receiving a shitstorm of false accusations from users who try to audit these logs themselves. I always imagine that users install an app and that's the end of it. What I've learned is that the number of users who re-install an app 8x a day, in between flashing roms, while mixing in titanium backups from 10 different alternating installs is absurdly high. - moxie -- http://www.thoughtcrime.org _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
