On Wed, Jan 18, 2017 at 8:08 AM, Salz, Rich <[email protected]> wrote:
> > Let me again bust this myth that 6962 / 6962-bis do anything to expose > rogue logs. Without some sort of consistency checking mechanism, logs can > lie without any risk of discovery. That is true of CT as deployed today. > There is no way to detect a rogue log. > > It's necessary, but not sufficient. Just like TCP is necessary but not > sufficient to enable the Web. ... > > One can compare three logs and if they differ you know who and where the > rogue is, right? > Hmm.... Not unless all logs are required to have every certificate (at least within a given scope). Otherwise, the fact that a certificate is in log A but not log B doesn't tell you anything about log B. However, if all you're doing is comparing logs for consistency about a given certificate, then you can dispense with the entire Merkle tree structure and just have the logs countersign certificates they have seen. -Ekr
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
