On Wed, Oct 1, 2014 at 10:29 AM, Stephen Kent <[email protected]> wrote: > I disagree. Once Ben said that he meant mis-issuance to be interpreted in a > much broader context, > and cited EV cert requirements as an example, I pursued documenting what > that would mean. If > the WG wants to say that mis-issuance is more than issuing a cert to the > wrong Subject, then > we need to say just what it is, not hand wave.
You are missing the point of certificate transparency. We have no idea all the forms that misissuance -- particularly malicious misissuance -- might take. If it were trivial to detect "misissuance", browsers would validate certs for "misissuance" and the problem would be solved. The point of having a log that includes everything signed with a CA's key is that analysis of issued certificates can be conducted post-hoc. Proposals to limit the scope of what logs can log kneecap CT. They should not be considered. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
