Dear Matt, On Sep 28, 2014, at 3:35 PM, Matt Palmer <[email protected]> wrote:
> I had nothing to do with the content on that webpage. Not everyone > interested in CT works for Google, y'know. Right you are, my apologies, I should have said "Google's documentation". >> "we think “every major CA” is within limits of feasibility" >> >> http://www.certificate-transparency.org/faq > >> And using Jacob's numbers from here: >> >> http://www.ietf.org/mail-archive/web/therightkey/current/msg00745.html > > The word "major" does not appear anywhere in the content of that resource. > Thus, you're comparing apples with oranges -- the Google CT FAQ suggests > that "every major CA" may run a log, while your resource says there may be > between "more than 1200" and 1832 CA certificates (total, comprising both > roots and intermediates) in active existence, but with no indication of how > many of those may be considered "major". Thank you (and Ralph) for bringing this up! I've updated the blog post to add this sentence in bold underneath the attack picture (at the end of claim #1): Edit September 28, 2014: The number of CAs out there is disputed [1], and not all CAs will necessarily [2] have their own log. [1] http://www.ietf.org/mail-archive/web/trans/current/msg00604.html [2] http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/www.ietf.org/mail-archive/web/trans/current/msg00606.html Kind regards, Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
