Dear Stephen,

I've been reading through this thread with fascination. Thank you for bringing up the fact that CT needs to more clearly (and accurately) state what its threat model is, what sort of protections it does and does not provide to netizens, etc.

Had I found this thread earlier this week, I would have cited parts of it in a blog post I wrote on the same topic a few days ago [1]. I don't know whether you'll find that post useful or not, but for the sake of building a threat model, I think the visual diagrams there might help others more quickly grasp the sort of attack that CT should expect to face from certain actors. I know that I am primarily a visual thinker and learner, so for me visuals are essential to fully grasping complex systems.

The post does not discuss gossip because, to my understanding, the details of gossip have still not been fully agreed upon and specified in the RFC. Once they are, I will be very interested to re-evaluate what sort of impact it might have.

Thanks again for raising this topic on the list.

Kind regards,
Greg Slepak

[1] http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
