On Wed, Feb 1, 2017 at 3:03 PM, Salz, Rich <[email protected]> wrote: > > 1. CAs make mistakes but aren't malicious. > > 2. CAs are malicious but logs are not > > 3. CAs and logs are both malicious > > The original focus was mainly about catching wrong certs, which was really > a focus on CA mis-issuance. Logs were intended to be a check on that, and > monitors and auditors were layers on top that would catch erroneous logs. > > Have you read the threat model doc? I assume yes, but it never hurts to > ask. >
Yes, I have. I think it does a pretty good job of analyzing the various cases. -Ekr
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
