On Tue, Oct 20, 2015 at 1:53 PM, Robin Wilton <[email protected]> wrote:
> If it’s not appropriate, under these circumstances, to forfeit some degree > of origin privacy by invoking at least one auditor, then I think we need to > consider how to mitigate the risk that the origin is a bad actor. The context for this attack is a colluding malicious CA and log server, right? If so, is CT even intended to handle a colluding website, CA and log server? (Incidentally, since a log server knows when it is releasing proof of cheating, I suppose malicious servers would generally opt to error instead of proving their misbehaviour.)
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
