so certificate transparency is a blockchain that allows misbehavior but hopes that auditors can catch it, am I on the right track?
-
Show this thread
-
Replying to @cryptodavidw
We tend to avoid describing it as a “blockchain” but essentially yes. Think of the quorum of SCTs passed to UAs as a “union” consensus mechanism.
2 replies 0 retweets 3 likes -
-
Replying to @cryptodavidw
User Agent; think browser or SDK that enforces CT.
1 reply 0 retweets 1 like -
Replying to @rmhrisk
so, the only way I (the user) can detect a misbehaving log is to verify proofs of inclusion, persist a root hash of logs I see, and update them only if I see an append-only update proof, and gossip these root hashes to others. Who are these others though and how can I trust em?
2 replies 0 retweets 0 likes -
No. It's a difficult problem, complicated by legacy technical and business constraints. I explore the problem space a bit in this blog post: https://www.agwa.name/blog/post/how_will_certificate_transparency_logs_be_audited_in_practice …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.