[cryptography] Auditable CAs
Seth David Schoen
schoen at eff.org
Wed Nov 30 14:37:36 EST 2011
> 3. the existence of a certificate in the log is acceptable proof of
> goodness for a browser.
> Is that it, in minimalist form?
> In analogous terms, is this like having the browser check EFF's
> repository for a second opinion? Or, like OCSP but expanding the
> servers to cover all certs from all CAs, and test on the
> certificates not the serial numbers?
The browser still has to validate the certificate, so appearing
in the log doesn't directly prove that the certificate is valid.
The question that this system makes the browser answer before
accepting a cert is:
Could the site operator know about the existence of this cert?
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107