>> - Auditor finds the fraudulent issued cert > > Exactly how will the Auditor do that?
By looking at logs that the clients care about. You claim that there will be thousands of logs, I somewhat don't think so since then there will be thousands of logs the ca will send the cert to be issuing it, and that is not reasonable. So how do you keep the log honest and stop it from not adding the SCT to the log ? Well, by using gossip about the logs. You are claiming that PKIX and Internet roots are a hopeless endeavor, and I somewhat agree, you seem to want us to switch to namecoin and forget about Internet roots, and I see that as even more hopeless endeavor short term. Short term CT will make a difference. If you disagree, then there is not much more we can do then agree to disagree. Love _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
