On 2 August 2013 11:27, Wasa <wasabe...@gmail.com> wrote: > On 01/08/13 22:04, Nico Williams wrote: >> >> If you're in a position to know what CAs are allowed to issue certs >> for a given name, then you can check for (audit) a) issuance of certs >> for that name by unauthorized CAs, b) issuance of new certs by >> authorized CAs but for unauthorized public keys. > > who's in charge of auditing the certs? the CT people or each domain's admin?
Each domain's admin (or their agent). > will CT automatically alert (somehow) the admin when it detects a new cert > for a domain? This is what monitors do (i.e. watch the logs for events of interest). Monitors are pretty lightweight, so you can run one yourself and I imagine people will offer monitoring services. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
