I haven’t had time to keep up on this list in a long time so sorry if I’m out of the loop. But given recent events, I just needed to ask once more…
Do you all still feel that an adversary who can (a) control the victim’s network access, (b) acquire any one CA key, and (c) acquire any two log server keys is not a sufficiently realistic threat model for CT to motivate the incorporation of collective witness cosigning? Background reminder: - https://freedom-to-tinker.com/2016/03/10/apple-fbi-and-software-transparency/ - http://dedis.cs.yale.edu/dissent/papers/witness-abs Thanks Bryan
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
