This is about barely capable sysadmins.

Different problem.


On Thu, Nov 1, 2012 at 11:14 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

> On Nov 1, 2012, at 2:10 AM, Ben Laurie <b...@google.com> wrote:
>
> > It's only software. The process of participating in CT for a server
> operator is:
> >
> > 1. Run command line tool once, giving it your certificate as input and
> > an SCT file as output.
> >
> > 2. Add one line of configuration to your server config.
> >
> > Not exactly rocket science. If people _really_ find it hard, we could
> > build it into the servers so there was no manual step at all.
>
> As someone who has to trust every CA in the root pile in my browsers and
> OSs, I find it frightening that a CA who can say "this is your bank's
> certificate" cannot handle new requirements for how to say that. If
> adopting a simple protocol like this causes an ossified CA too many
> problems, maybe I don't trust that CA to be able to issue certificates for
> my bank, much less to be able to know which certificates that they are
> actually issuing.
>
> --Paul Hoffman
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey
>



-- 
Website: http://hallambaker.com/