On Nov 1, 2012, at 2:10 AM, Ben Laurie <b...@google.com> wrote:

> It's only software. The process of participating in CT for a server operator
> is:
>
> 1. Run command line tool once, giving it your certificate as input and
> an SCT file as output.
>
> 2. Add one line of configuration to your server config.
>
> Not exactly rocket science. If people _really_ find it hard, we could
> build it into the servers so there was no manual step at all.

As someone who has to trust every CA in the root pile in my browsers and OSs, I find it frightening that a CA who can say "this is your bank's certificate" cannot handle new requirements for how to say that. If adopting a simple protocol like this causes an ossified CA too many problems, maybe I don't trust that CA to be able to issue certificates for my bank, much less to be able to know which certificates that they are actually issuing.

--Paul Hoffman

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey