This post explains how undetected MITM attacks still remain possible even if Google's Certificate Transparency (CT) becomes widely deployed, and it dissects many of Google's false and misleading claims about it.
Many thanks go to Zaki (@zmanian), Simon (@simondlr) and others to reviewing it prior to publication: http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/ Kind regards, Greg -- Please do not email me anything that you are not comfortable also sharing with the NSA.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography