On Wednesday 10 June 2015 07:28:06 Rick Andrews wrote:
> I don't understand. The domain owner/admin is not a third party.

the third party in question was an entity running the CT service and since they can produce a certificate signed by a trusted CA as a proof of misissuance, the data itself is also trusted. Independent of your trust of the third party.

> -Rick
>
> > On Jun 10, 2015, at 4:01 AM, Hubert Kario <hka...@redhat.com> wrote:
> >
> >> On Tuesday 09 June 2015 11:57:40 Rick Andrews wrote:
> >>
> >>> On Tuesday, June 9, 2015 at 3:05:30 AM UTC-7, Hubert Kario wrote:
> >>> True, OTOH, if a third party says that there was a misissuance, that means there was one.
> >>
> >> I disagree. Only the domain owner knows for sure what is a misissuance,
> >> and what isn't. It seems likely that I might turn over all known certs
> >> for my domain to the third party, but they might find another one, and I
> >> might say "oh, yeah, I forgot about that one". So a third party can only
> >> report to the domain owner, but cannot know if the cert is legitimate.
> >
> > the implied situation was that the tool is run by the domain owner/admin
> >
> > --
> > Regards,
> > Hubert Kario
> > Quality Engineer, QE BaseOS Security team
> > Web: www.cz.redhat.com
> > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic