On 2 August 2013 11:27, Wasa wrote:
> On 01/08/13 22:04, Nico Williams wrote:
>>
>> If you're in a position to know what CAs are allowed to issue certs
>> for a given name, then you can check for (audit) a) issuance of certs
>> for that name by unauthorized CAs, b) issuance of new certs by
>> auth
On 01/08/13 22:04, Nico Williams wrote:
If you're in a position to know what CAs are allowed to issue certs
for a given name, then you can check for (audit) a) issuance of certs
for that name by unauthorized CAs, b) issuance of new certs by
authorized CAs but for unauthorized public keys.
who's
On 1 August 2013 22:32, Jeffrey Walton wrote:
> On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams wrote:
>> On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wrote:
>>
>> ... If everyone does their part CT causes the risk
>> of dishonest CA behavior discovery to become to great for CAs to
>> engage in such
On Thu, Aug 01, 2013 at 05:32:55PM -0400, Jeffrey Walton wrote:
> On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams wrote:
> > On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wrote:
> >
> > ... If everyone does their part CT causes the risk
> > of dishonest CA behavior discovery to become to great for CAs
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams wrote:
> On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wrote:
>
> ... If everyone does their part CT causes the risk
> of dishonest CA behavior discovery to become to great for CAs to
> engage in such behavior.
Sorry to drift a bit, but how so? The best I
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wrote:
> in CT, how do you tell if a newly-generated cert is legitimate or not?
> Say, I am a state-sponsored attacker and can get a cert signed by my
> national CA for barclays. How do you tell this cert is not legitimate? It
> could have been barclays' I
in CT, how do you tell if a newly-generated cert is legitimate or not?
Say, I am a state-sponsored attacker and can get a cert signed by my
national CA for barclays. How do you tell this cert is not legitimate? It
could have been barclays' IT admin who asked for a new cert.
Do companies need to lia
Since there was some puzzlement over CT, I thought it might be of
interest that we have revamped the site:
http://www.certificate-transparency.org/.
Comments and questions welcome.
___
cryptography mailing list
cryptography@randombit.net
http://lists.ran