Ben,
...
A malicious CA can determine (via testing) which clients, by
browser type and version,
fail to perform certain syntactic checks. If the CA is creating a
bogus cert with a
particular set of clients in mind, this may suffice.
It is not clear to me that gossip has to be mandatory. So long
as some fraction of participants gossip, then clients are
protected from non-targeted attacks. Obviously this does not
remove the need to specify gossip, which is clearly required
for CT to fully realise its potential.
Perhaps we need a mechanism analagous to TLS extensions that allow CT
logs to extend their validation and advertise that fact?
I don't see how your comment relates to the discussion above.
Nonetheless, I note that there
is a proposed mechanism to embed this info in the SCT, along with the
mechanism by which a submitter
declares the type of cert being submitted (relative to IANA-registered
validation criteria).
I envisioned using this in case logs elect to perform cert validation
relative to profiles
such as the CABF DV and EV cert specs. But, one might consider using it
to inform consumers
of SCTs of the cert path validation performed by a log.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
