[cryptography] Updated Certificate Transparency site

Ben Laurie ben at links.org
Fri Aug 2 07:27:52 EDT 2013


On 2 August 2013 11:27, Wasa <wasabee18 at gmail.com> wrote:
> On 01/08/13 22:04, Nico Williams wrote:
>>
>> If you're in a position to know what CAs are allowed to issue certs
>> for a given name, then you can check for (audit) a) issuance of certs
>> for that name by unauthorized CAs, b) issuance of new certs by
>> authorized CAs but for unauthorized public keys.
>
> who's in charge of auditing the certs? the CT people or each domain's admin?

Each domain's admin (or their agent).

> will CT automatically alert (somehow) the admin when it detects a new cert
> for a domain?

This is what monitors do (i.e. watch the logs for events of interest).
Monitors are pretty lightweight, so you can run one yourself and I
imagine people will offer monitoring services.


More information about the cryptography mailing list