[cryptography] Auditable CAs

Ben Laurie ben at links.org
Mon Nov 28 06:25:08 EST 2011


On Mon, Nov 28, 2011 at 10:39 AM, Chris Richardson
<chris at randomnonce.org> wrote:
> Today, a site operator can opt-out of the CA system by using a
> self-signed certificate.  When users go to the site they get a warning
> that they blindly click-through.  This degrades one of the main
> benefits of the CA system.
>
>> Browsers will need to require (at some point in the future) that all public certificates are accompanied by an audit proof
>> CAs that are added to the trust root by users or administrators can opt out of public audit
>
> How will the opt-out mechanism work so that it is not degraded by users
> clicking through a warning?

Don't quite understand the question: if you have opted out you
shouldn't get a warning, surely?


