On Thu, Aug 01, 2013 at 05:32:55PM -0400, Jeffrey Walton wrote:
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote:
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote:
... If everyone does their part CT causes the risk
of dishonest CA behavior
On 1 August 2013 22:32, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote:
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote:
... If everyone does their part CT causes the risk
of dishonest CA behavior
On 01/08/13 22:04, Nico Williams wrote:
If you're in a position to know what CAs are allowed to issue certs
for a given name, then you can check for (audit) a) issuance of certs
for that name by unauthorized CAs, b) issuance of new certs by
authorized CAs but for unauthorized public keys.
who's
Since there was some puzzlement over CT, I thought it might be of
interest that we have revamped the site:
http://www.certificate-transparency.org/.
Comments and questions welcome.
___
cryptography mailing list
cryptography@randombit.net
in CT, how do you tell if a newly-generated cert is legitimate or not?
Say, I am a state-sponsored attacker and can get a cert signed by my
national CA for barclays. How do you tell this cert is not legitimate? It
could have been barclays' IT admin who asked for a new cert.
Do companies need to
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote:
in CT, how do you tell if a newly-generated cert is legitimate or not?
Say, I am a state-sponsored attacker and can get a cert signed by my
national CA for barclays. How do you tell this cert is not legitimate? It
could have
On Thu, Aug 1, 2013 at 5:04 PM, Nico Williams n...@cryptonector.com wrote:
On Thu, Aug 1, 2013 at 12:57 PM, wasa bee wasabe...@gmail.com wrote:
... If everyone does their part CT causes the risk
of dishonest CA behavior discovery to become to great for CAs to
engage in such behavior.
Sorry to