On Wed, 16 Nov 2016, Ben Laurie wrote:
(no hats on)
On 16 November 2016 at 03:46, Paul Wouters <[email protected]> wrote:
How can I as log consumer detect the difference between the log removing
illegal content and the log being compelled by a government to hide a rogue
certificate?
Court orders are court orders. That issue is not in the log's domain.
It was an example. the core isuse is, how can a consumer determine the
log censored itself with a valid reason, versus an attack, compromise,
having been compelled, or for financial gain or any other invalid reason?
Using a hash of a removed cert won't allow anyone to verify the reason
for removal. And clearly the content cannot remain their either. It's
a catch22.
Paul
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
