This is about barely capable sysadmins. Different problem.
On Thu, Nov 1, 2012 at 11:14 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

> On Nov 1, 2012, at 2:10 AM, Ben Laurie <b...@google.com> wrote:
>
> > It's only software. The process of participating in CT for a server
> > operator is:
> >
> > 1. Run command line tool once, giving it your certificate as input and
> > an SCT file as output.
> >
> > 2. Add one line of configuration to your server config.
> >
> > Not exactly rocket science. If people _really_ find it hard, we could
> > build it into the servers so there was no manual step at all.
>
> As someone who has to trust every CA in the root pile in my browsers and
> OSs, I find it frightening that a CA who can say "this is your bank's
> certificate" cannot handle new requirements for how to say that. If
> adopting a simple protocol like this causes an ossified CA too many
> problems, maybe I don't trust that CA to be able to issue certificates for
> my bank, much less to be able to know which certificates that they are
> actually issuing.
>
> --Paul Hoffman
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey

--
Website: http://hallambaker.com/