Dear Love,

On Sep 27, 2014, at 11:23 AM, Love Hörnquist Åstrand <[email protected]> wrote:

> - the CA is sloppy/forced to issue the cert to the attacker
> - cert is injected into log
> - cert has SCT
> - client checks the SCT with the logs the clients trust, like one that is not
>   under the same control as the CA
> - any other SCT in the cert is ignored by the client since they are not
>   trusted.
> - MITM happened
> - Auditor finds the fraudulently issued cert

Exactly how will the Auditor do that?

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
