On Tue 2016-02-23 03:06:25 -0800, Ben Laurie wrote: > Fair point. At least two ways of doing this: > > a) Run a log that is not trusted for HTTPS connections.
(trolling: i thought logs didn't have to be trusted...)
what encourages any party in the ecosystem to log in this untrutsed log?
> b) Continue to accept certs from X, but don't allow SCTs after the last
> good timestamp for X.
What does this buy us? Can't an inclusion proof (post-MMD) from this
log perform the same role as the SCT?
--dkg
signature.asc
Description: PGP signature
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
