April 30th 2018 we will begin the last leg of a journey that will give the world a clear view into what the WebPKI looks like. This is because Chrome start requiring all new SSL certificates on the web to include CT proofs or users will be presented warning interstitial.
-
-
Yes I struggled with a wording people not familiar with CT would understand; you are right though. As for proof verification I believe it will happen, I also sincerely believe the one Google log requirement will go away.
-
Isn't the one Google log matter just Google making sure that the certificate gets logged to at least one log for which they have an extremely strong 1st party commitment for service level and longevity? It reasons that when they can get that for free elsewhere, they will.
-
When gossip is fully specified and implemented it will not be needed. The Google log requirement is a way to make sure all things are observable until that happens.
-
I understand it to be so that Google knows certs are in at least one log for which, from Google's perspective, promises are as good as proofs. A patch until proper proof verification can...somehow...be done.
-
We know what's in the other logs, too. Note that anyone can provide a fully functional read only mirror of any log.
-
Sure, I suppose my point was that Google has an assurance level with their own logs as to said logs’ life cycles: how long it will operate and continue appending new entries, how long it will run read-only if necessary.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.