[cryptography] Certificate Transparency: working code
thierry.moreau at connotech.com
Thu Mar 1 16:14:27 EST 2012
Ben Laurie wrote:
> Quite a few people have said to me that Certificate Transparency (CT)
> sounds like a good idea, but they’d like to see a proper spec.
> Well, there’s been one of those for quite a while, you can find the
> latest version [...],
> or for your viewing convenience, I just made an HTML version
May I ask a (maybe stupid) question?
"... audit proofs will be valid indefinitely ..."
Then what remains of the scheme reputation once Mallory managed to
inject a fraudulent certificate in whatever is being audited (It's
called a "log" but I understand it as a grow-only repository)?
Actually, my expectation would be to read an explanation of which
security services are being offered, and which kind and level of
assurance the CT server operating organization is expected to provide.
What is the problem being addressed and to who does the main benefit
accrue / from whom involvement is expected? Once I can see these, I may
appreciate Apache and browser backward compatibility features and the like.
Thanks for your patience with my scrutiny.
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
More information about the cryptography