guys--just looking to use some real examples.)
Original Message
From: Rob Stradling
Sent: Tuesday, April 14, 2015 8:14 AM
To: Peter Kurrasch; dev-security-policy@lists.mozilla.org
Subject: Re: What is the security benefit of certificate transparency?
Peter, CT is a detection mechanism, so I'd
Breaking this part of the discussion out of the CNNIC thread
So, to paraphrase, the security benefit to CT is on par with posting speed
limits along a highway: if you're going to break the rules, don't get caught.
And if you do get caught, have a good excuse--although in the case of CT
Subject: Re: What is the security benefit of certificate transparency?
Problem: Mis-issuance sometimes happens, whether by accident or by
attack. We don't always know about mis-issuance when it happens.
Sometimes we learn by luck; but without luck, it's invisible.
Solution: Require issuers to issue
3 matches
Mail list logo