We need more eyeballs and brains on Certificate Transparency. Google is quietly signing up CAs based on false info: http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/ …
-
-
@bascule Well, this too, is addressed in the post, see “wasted energy”: http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/ … -
@taoeffect an attacker with the capabilities to pull off the attack you describe can just as easily confuse either system -
@bascule Again, see discussion in false claim #2. You’re free to respond to that… -
.
@taoeffect how can software automatically detect you have the wrong block chain if the Internet is lying to you? -
.
@bascule As with anything else, it cannot. That doesn’t make the properties of blockchains and CT equivalent. -
@taoeffect CT auditors have defense-in-depth via existing verification mechanisms. "Blockchain" systems are a bunch of Sybils... -
.
@bascule If the gossip is weak, these attacks are undetectable, period. I’ll wait for Google to respond with details on Gossip. -
@taoeffect both systems gossip - 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.