[cryptography] Auditable CAs
ben at links.org
Mon Nov 28 06:25:08 EST 2011
On Mon, Nov 28, 2011 at 10:39 AM, Chris Richardson
<chris at randomnonce.org> wrote:
> Today, a site operator can opt-out of the CA system by using a
> self-signed certificate. When users go to the site they get a warning
> that they blindly click-through. This degrades one of the main
> benefits of the CA system.
>> Browsers will need to require (at some point in the future) that all public certificates are
> accompanied by an audit proof
>> CAs that are added to the trust root by users or administrators can opt out of public audit
> How will the opt-out mechanism work so that it is not degraded by uses
> clicking through a warning?
Don't quite understand the question: if you have opted out you
shouldn't get a warning, surely?
More information about the cryptography