Unless you're a PhD professor at Stanford, Cornell, etc. you probably don't want to be designing your own distributed consensus algorithms
@taoeffect @ln4711 if all CAs were onboard with CT, browsers could show the user a warning if the cert weren't in public audit logs...
@taoeffect @ln4711 whether that will cause users to take the correct action remains to be seen. Security UX is a very hard problem.
@bascule @taoeffect why would all be required? Anybody can submit certs to logs.
@ln4711 @taoeffect leaving a permanent audit trail of misissuance, so hopefully the target domain holder can discover it.
@bascule @taoeffect couldn't that be done with zero CAs on board? Domain owners and clients could submit.
@ln4711 @taoeffect CT really needs to be ubiquitous for it to have the right UX for users, i.e. show scary bar unless audit logs are present.
@ln4711 @taoeffect right now audit log info is tucked away in Chrome because nobody is using CT, so it's unhelpful to users.
@bascule @ln4711 b/c: "Best case scenario: mis-issuance detected after damage has been done. The CA blames hackers." https://github.com/okTurtles/dnschain/blob/master/docs/Comparison.md
@taoeffect @ln4711 that's the worst case scenario. Best case attacking CA doesn't submit the cert to the logs and user deterred by warning.
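The audit-log mechanism the thread is arguing over, as an added example that is not code from any participant in the thread nor from the linked DNSChain repo: an RFC 6962-style Merkle tree over constructed placeholder entries (byte strings, not real certificates), with inclusion-proof generation and the verification a log client or auditor runs. The entry format, the `LOG` list and the `audit_domain` helper are assumptions for illustration; a real log hashes a MerkleTreeLeaf structure, and clients get the proof from the log rather than computing it locally.

```python
"""RFC 6962 Merkle tree hashing and inclusion-proof verification.

Added example: shows what a public, append-only log gives a domain holder
(every issuance for the domain is discoverable) and a client (a cert that
was never submitted has no valid inclusion proof). Entries are constructed
placeholders, not DER certificates.
"""
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    # RFC 6962 s2.1: leaf hashes are domain-separated with a 0x00 prefix.
    return _h(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    # Interior nodes use a 0x01 prefix, so a leaf cannot masquerade as a node.
    return _h(b"\x01" + left + right)


def _split(n: int) -> int:
    # Largest power of two strictly less than n (n >= 2).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_head(entries: list[bytes]) -> bytes:
    """MTH(D[n]) from RFC 6962 s2.1: the root a log signs in its STH."""
    n = len(entries)
    if n == 0:
        return _h(b"")
    if n == 1:
        return leaf_hash(entries[0])
    k = _split(n)
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))


def inclusion_proof(entries: list[bytes], index: int) -> list[bytes]:
    """PATH(m, D[n]): sibling hashes from the leaf up to the root."""
    n = len(entries)
    if not 0 <= index < n:
        raise IndexError("leaf index outside tree")
    if n == 1:
        return []
    k = _split(n)
    if index < k:
        return inclusion_proof(entries[:k], index) + [tree_head(entries[k:])]
    return inclusion_proof(entries[k:], index - k) + [tree_head(entries[:k])]


def verify_inclusion(leaf: bytes, index: int, tree_size: int,
                     path: list[bytes], root: bytes) -> bool:
    """RFC 9162 s2.1.3.2 verification, as a client or auditor would run it.

    Returns False for a leaf outside the tree, a proof of the wrong length,
    or any path that does not reconstruct the signed root.
    """
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = leaf_hash(leaf)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(p, r)
            if not fn & 1:
                # Right-shift until the low bit is set or fn hits zero.
                while True:
                    fn >>= 1
                    sn >>= 1
                    if fn & 1 or fn == 0:
                        break
        else:
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root


# Constructed log contents (assumed format "cert:<domain>:<issuer>").
LOG = [
    b"cert:example.com:CA-A",
    b"cert:example.net:CA-B",
    b"cert:example.org:CA-A",
    b"cert:example.com:CA-C",       # an issuer the domain holder never used
    b"cert:mail.example.com:CA-B",
]


def audit_domain(entries: list[bytes], domain: bytes) -> list[tuple[int, bytes]]:
    """What the domain holder does with a public log: list every entry
    naming the domain, so an unexpected issuer shows up in the trail."""
    return [(i, e) for i, e in enumerate(entries) if b":" + domain + b":" in e]


if __name__ == "__main__":
    root = tree_head(LOG)
    for i, entry in audit_domain(LOG, b"example.com"):
        ok = verify_inclusion(entry, i, len(LOG), inclusion_proof(LOG, i), root)
        print(i, entry.decode(), "included" if ok else "NOT PROVEN")
```

The two points from the thread map directly onto the code: `audit_domain` is the "permanent audit trail of misissuance" (the CA-C entry is visible regardless of which CA submitted it), and `verify_inclusion` failing for a leaf the log never saw is what a browser would have to key its warning on if logging were ubiquitous.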
@taoeffect @ln4711 there are often multiple valid certs for different combinations of SANs at any given point in time.