On Tue, Apr 14, 2015 at 01:38:55PM +0200, Kurt Roeckx wrote: > On 2015-04-14 01:15, Peter Kurrasch wrote: > >Let's use an example. Suppose CNNIC issues a cert for whitehouse[dot]gov and > >let's further suppose that CNNIC includes this cert in the CT data since > >they have agreed to do that. What happens next? > > What I've been wondering about is whether we need a mechanism where the CT > log should approve the transition from one issuer to an other.
NO. A CT log is a *log*, not a gatekeeper. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy