On Mon, Sep 21, 2015 at 09:54:52PM -0400, Paul Wouters wrote:
> In a first, Certificate Transparency catches Symantec forging EV cert for
> Google
>
> https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom
>
> It is interesting in that it apparently was a certificate issued in a
> test lab, but CT caused it to end up at google.

For it to end up in a CT server, it would have to chain to a
publicly-trusted root (unless some CAs have test roots they've put into
real CT servers, which is arguably also a dumb idea). Why is a test lab
using publicly-trusted roots *at all*?

Looks to me like CT did its job admirably, and it's a credit to everyone
involved in making CT happen.

- Matt
