Dmitry,
My fault. The certs with unnecessery permissions are a subject to be
Monitored, not Audited.
no problem.
There is a high-level description of the Auditors here:
http://www.certificate-transparency.org/what-is-ct:
=====
Auditors are lightweight software components that typically perform
two functions. First, they can verify that logs are behaving correctly
and are cryptographically consistent. If a log is not behaving
properly, then the log will need to explain itself or risk being shut
down. Second, they can verify that a particular certificate appears in
a log. This is a particularly important auditing function because the
Certificate Transparency framework requires that all SSL certificates
be registered in a log. If a certificate has not been registered in a
log, it's a sign that the certificate is suspect, and TLS clients may
refuse to connect to sites that have suspect certificates.
=====
It is not integrated as a part of neither RFC 6962 nor current draft,
but it provides a high-level explanation of the Auditors' role.
Until this text is part of an IETF document, it doesn't enter into our
discussion :-).
Frankly it seems a bit counterproductive to have a separate site where
info about CT is
being posted, while we try to discuss 69269-bis in this WG.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
