You have a lot of ideas in here, Richard!
Asking the question what is the increased risk we face by introducing new CA's
and new roots into the trust store? is a good idea. How we go about answering
that gets tricky. It might be helpful to articulate some threat models facing
CA's, both
Richard Barnes rbar...@mozilla.com wrote:
Small CAs are a bad risk/reward trade-off.
Why do CAs with small scope even get added to Mozilla's root program in the
first place? Why not just say your scope is too limited to be worthwhile
for us to include?
One way to balance this equation
On Thu, Jun 4, 2015 at 9:18 PM, Chris Palmer pal...@google.com wrote:
Certificate Transparency gets us what we want, I think. CT works
globally, and is safer, and significantly changes the trust equation:
* Reduces to marginal/effectively destroys the attack value of mis-issuance
* Makes it
3 matches
Mail list logo