> 1. CAs make mistakes but aren't malicious. > 2. CAs are malicious but logs are not > 3. CAs and logs are both malicious
The original focus was mainly about catching wrong certs, which was really a focus on CA mis-issuance. Logs were intended to be a check on that, and monitors and auditors were layers on top that would catch erroneous logs. Have you read the threat model doc? I assume yes, but it never hurts to ask. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
