CT is an accountability control, not an access control. We need both.

Sent from my difference engine

> On Apr 14, 2015, at 18:05, Matt Palmer <mpal...@hezmatt.org> wrote:
>
>> On Tue, Apr 14, 2015 at 01:38:55PM +0200, Kurt Roeckx wrote:
>>> On 2015-04-14 01:15, Peter Kurrasch wrote:
>>> Let's use an example. Suppose CNNIC issues a cert for whitehouse[dot]gov
>>> and let's further suppose that CNNIC includes this cert in the CT data
>>> since they have agreed to do that. What happens next?
>>
>> What I've been wondering about is whether we need a mechanism where the CT
>> log should approve the transition from one issuer to another.
>
> NO. A CT log is a *log*, not a gatekeeper.
>
> - Matt
>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy