undefined | Better HN

0 pointscrote3mo ago0 comments

Having Chrome/Firefox asynchronously check the CT log 0.1% of the time would probably be enough to solve that.

CT logging is mandatory, and even a single missing cert is probably going to be an existential threat to any CA.

The fact that someone is checking is already enough of a deterrent to prevent large-scale attacks. And if you're worried about spearphishing-via-MitM, you should probably stick to Tor.

0 comments

wakawaka283mo ago

How will you establish a connection to the CT log server? Seems like you need a separate way to handle that.

j / k navigate · click thread line to collapse

0 pointscrote3mo ago0 comments

Having Chrome/Firefox asynchronously check the CT log 0.1% of the time would probably be enough to solve that.

CT logging is mandatory, and even a single missing cert is probably going to be an existential threat to any CA.

The fact that someone is checking is already enough of a deterrent to prevent large-scale attacks. And if you're worried about spearphishing-via-MitM, you should probably stick to Tor.

0 comments

wakawaka283mo ago

How will you establish a connection to the CT log server? Seems like you need a separate way to handle that.

j / k navigate · click thread line to collapse