...snip... > Certificate Transparency gets us what we want, I think. CT works > globally, and is safer, and significantly changes the trust equation: > > * Reduces to marginal/effectively destroys the attack value of mis-issuance
Please clarify this statement because, as written, this is plainly not true. The only way to reduce the value is if someone detects the mis-issuance and then takes action to resolve it. From what I've seen so far, both are major gaps in CT as a security feature. Thanks. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy