[cryptography] Certificate Transparency: working code

Thierry Moreau thierry.moreau at connotech.com
Thu Mar 1 16:14:27 EST 2012


Ben Laurie wrote:
> http://www.links.org/?p=1226
> 
> Quite a few people have said to me that Certificate Transparency (CT) 
> sounds like a good idea, but they’d like to see a proper spec.
> 
> Well, there’s been one of those for quite a while, you can find the 
> latest version [...],
> or for your viewing convenience, I just made an HTML version 
> <http://www.links.org/files/sunlight.html>.
> 

May I ask a (maybe stupid) question?

"... audit proofs will be valid indefinitely ..."

Then what remains of the scheme's reputation once Mallory has managed to 
inject a fraudulent certificate in whatever is being audited (it's 
called a "log" but I understand it as a grow-only repository)?

Actually, my expectation would be to read an explanation of which 
security services are being offered, and which kind and level of 
assurance the CT server operating organization is expected to provide. 
What is the problem being addressed, and to whom does the main benefit 
accrue / from whom is involvement expected? Once I can see these, I may 
appreciate Apache and browser backward compatibility features and the like.

Thanks for your patience with my scrutiny.


-- 
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691


