[cryptography] current limits of proving MITM (Re: Gmail and SSL)

Ben Laurie ben at links.org
Mon Dec 17 08:05:04 EST 2012


On Sun, Dec 16, 2012 at 10:11 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> That means the process Google (et al) are setting up has to make
> provisions for "say nothing." Sticks are mandatory in the "catch me if
> you can" corporate world; carrots are optional.

Certificate Transparency is intended to aid with _detection_ of
mis-issue. It is silent on what happens once it is detected.

I agree that this is also an area that needs sorting out.


