To further support your claims here, Chris, there are already tools coming out
which actively monitor domains in CT logs and can be set up with notifications
of misissuance:
https://www.digicert.com/certificate-monitoring/
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/EPv_u
My point is that you cannot say CT "effectively destroys the attack value of
mis-issuance" and then as justification say that you are assuming someone will
notice. This is the gap I'm talking about: the space between when a
mis-issuance takes place and when someone notices.
For the sake of argu
On Fri, Jun 5, 2015 at 8:04 AM, Peter Kurrasch wrote:
>> Certificate Transparency gets us what we want, I think. CT works
>> globally, and is safer, and significantly changes the trust equation:
>>
>> * Reduces to marginal/effectively destroys the attack value of mis-issuance
>
> Please clarify
On 08/06/15 14:54, Hubert Kario wrote:
On Wednesday 03 June 2015 09:43:23 Eric Mill wrote:
This is outstanding - simple, but totally what people need to start getting
the idea and benefit of CT.
One high ROI addition might be RSS feeds for search terms. That way, I
could create e.g. an IFTTT al
On Wednesday 03 June 2015 09:43:23 Eric Mill wrote:
> This is outstanding - simple, but totally what people need to start getting
> the idea and benefit of CT.
>
> One high ROI addition might be RSS feeds for search terms. That way, I
> could create e.g. an IFTTT alert that emails me whenever a ce
5 matches
Mail list logo