Re: [cryptography] Updated Certificate Transparency site

2013-08-02 Thread staticsafe
On Thu, Aug 01, 2013 at 05:32:55PM -0400, Jeffrey Walton wrote: On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: ... If everyone does their part CT causes the risk of dishonest CA behavior

Re: [cryptography] Updated Certificate Transparency site

2013-08-02 Thread Ben Laurie
On 1 August 2013 22:32, Jeffrey Walton noloa...@gmail.com wrote: On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: ... If everyone does their part CT causes the risk of dishonest CA behavior

Re: [cryptography] Updated Certificate Transparency site

2013-08-02 Thread Wasa
On 01/08/13 22:04, Nico Williams wrote: If you're in a position to know what CAs are allowed to issue certs for a given name, then you can check for (audit) a) issuance of certs for that name by unauthorized CAs, b) issuance of new certs by authorized CAs but for unauthorized public keys. who's

[cryptography] Updated Certificate Transparency site

2013-08-01 Thread Ben Laurie
Since there was some puzzlement over CT, I thought it might be of interest that we have revamped the site: http://www.certificate-transparency.org/. Comments and questions welcome. ___ cryptography mailing list cryptography@randombit.net

Re: [cryptography] Updated Certificate Transparency site

2013-08-01 Thread wasa bee
in CT, how do you tell if a newly-generated cert is legitimate or not? Say, I am a state-sponsored attacker and can get a cert signed by my national CA for barclays. How do you tell this cert is not legitimate? It could have been barclays' IT admin who asked for a new cert. Do companies need to

Re: [cryptography] Updated Certificate Transparency site

2013-08-01 Thread Nico Williams
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: in CT, how do you tell if a newly-generated cert is legitimate or not? Say, I am a state-sponsored attacker and can get a cert signed by my national CA for barclays. How do you tell this cert is not legitimate? It could have

Re: [cryptography] Updated Certificate Transparency site

2013-08-01 Thread Jeffrey Walton
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote: ... If everyone does their part CT causes the risk of dishonest CA behavior discovery to become to great for CAs to engage in such behavior. Sorry to