On 05/11/16 19:33, Ryan Sleevi wrote: > My understanding was that Mozilla's implementation status was similar > to Chrome's a year ago - that is, that it doesn't implement inclusion > proof fetching (in the background) and that work hadn't been > scheduled/slated yet. In that case, it's a question for Mozilla about > whether to trust that logs won't lie, or whether to verify.
It is correct that there is not yet a plan for when Firefox might implement inclusion proof fetching. One thing I have been pondering is checking the honesty of logs via geographically distributed checks done by infra rather than clients. Did Google consider that too easy to game? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
