On 01/11/12 21:55, Rob Stradling wrote:
On 01/11/12 20:33, Paul Hoffman wrote:
On Nov 1, 2012, at 1:00 PM, Rob Stradling <rob.stradl...@comodo.com>
wrote:
If by "actively participating" you mean that the CA has embedded the
CT proof in the cert, then yes, there is no requirement on the bank.
That's one definition of "actively participating", but there are
others, such as publishing a list that the auditors pick up.
What sort of list did you have in mind?
>
> Would this list be "transparent"?
> (i.e. if the CA were to publish an inaccurate or incomplete list,
> would the auditor definitely notice?)
Ah, perhaps you've got this agenda item in mind:
"JSON format for CAs to report recent certificate
issuance, Phill Hallam-Baker – 10 mins"
I think Phill coined the term "weak transparency" for this sort of
thing. I'd only been thinking about Ben's "strong transparency"
sunlight-02 proposal in this thread so far.
<snip>
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey