➢ Can you explain the comparison that I brought up regarding trusting the CA?

That is related to "the client’s willingness to let their traffic be intercepted". Subverting one CA cuts across a large scale of Internet traffic and might be noticed or can be routed around. Certificate transparency helps prevent a single CA from being coerced into misissuance. With this extension, someone doesn’t have to coerce a CA or force victims to trust a new CA. Instead they have to gain the cooperation of the origin(s) they are interested in. Further, if you mix in a coerced/force-trusted CA, you don’t even need the origin’s cooperation.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls