With CT the attacker has these choices: - compromise the target zone and its logs - compromise the target zone and be an MITM forever more and hope that no one notices the logged changes
This is a significant improvement over the current situation, where the attacker can be an undetected MITM when and as desired once they compromise the zone. Nico -- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
