On 17/01/17 17:07, Tom Ritter wrote:
<snip>
> Any comments?
> It assumes the malicious log doesn't backdate a SCT..

True. So, require multiple SCTs from multiple logs, and let the TLS
client consider only the age of the most recent SCT timestamp.

> It also assumes the client has a clock that is correct to the order of
> a few days...

True. Is it, or might it soon be, reasonable to make that assumption?
e.g., https://roughtime.googlesource.com/roughtime sounds promising, I
think.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online