[messaging] Namecoin
Tony Arcieri
bascule at gmail.com
Fri Aug 22 16:26:55 PDT 2014
+benlaurie
...in case he's interested in opining on this sort of thing
On Fri, Aug 22, 2014 at 4:23 PM, Chris Palmer <snackypants at gmail.com> wrote:
> On Thu, Aug 21, 2014 at 11:09 AM, Tao Effect <contact at taoeffect.com> wrote:
>
> > - CT cannot deliver on its promise to document every certificate that
> >   is issued. It makes it possible for malicious actors to issue
> >   fraudulent certs and never actually log or report them. [2] [3]
> > - Certs must be purchased via yearly subscriptions, whereas with
> >   Namecoin / DNSChain they are free.
> > - CT does not prevent MITM attacks, whereas DNSChain does.
> > - Whereas certificate revocation for compromised certificates is not an
> >   issue in Namecoin / DNSChain, it is still an unsolved problem with CT.
> >   [4]
>
> http://www.certificate-transparency.org/how-ct-works
>
> """During the TLS handshake, the TLS client receives the SSL
> certificate and the certificate’s SCT. As usual, the TLS client
> validates the certificate and its signature chain. In addition, the
> TLS client validates the log’s signature on the SCT to verify that the
> SCT was issued by a valid log and that the SCT was actually issued for
> the certificate (and not some other certificate). If there are
> discrepancies, the TLS client may reject the certificate. For example,
> a TLS client would typically reject any certificate whose SCT
> timestamp is in the future."""
>
> Thus, clients can (and should) reject any certificate not issued in public.
>
> Just wanted to clear that up.
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
--
Tony Arcieri
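
The client-side SCT check described in the quoted certificate-transparency.org text, as an added example that is not part of the original thread or of any CT implementation. It covers only RFC 6962 v1 `x509_entry` SCTs with empty extensions and an ECDSA P-256 log key; `issueSCT` is a hypothetical stand-in for a log, and the certificate bytes are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// SCT holds the RFC 6962 v1 fields checked here (extensions assumed empty).
type SCT struct {
	Timestamp uint64 // milliseconds since the Unix epoch
	Signature []byte // ASN.1 ECDSA signature made by the log
}
// signedData rebuilds the bytes a log signs for an x509_entry.
func signedData(ts uint64, cert []byte) []byte {
	n := len(cert)
	b := make([]byte, 10, 17+n) // b[0] version v1, b[1] certificate_timestamp
	binary.BigEndian.PutUint64(b[2:], ts)
	b = append(b, 0, 0, byte(n>>16), byte(n>>8), byte(n)) // entry_type, 24-bit length
	return append(append(b, cert...), 0, 0)               // certificate, empty extensions
}

// VerifySCT rejects a future timestamp or a signature that does not cover cert.
func VerifySCT(s SCT, cert []byte, logKey *ecdsa.PublicKey, now time.Time) error {
	if s.Timestamp > uint64(now.UnixMilli()) {
		return errors.New("SCT timestamp is in the future")
	}
	h := sha256.Sum256(signedData(s.Timestamp, cert))
	if !ecdsa.VerifyASN1(logKey, h[:], s.Signature) {
		return errors.New("SCT signature invalid for this certificate and log key")
	}
	return nil
}
// issueSCT is a hypothetical stand-in log: fresh P-256 key, signs cert at ts.
func issueSCT(cert []byte, ts uint64) (SCT, *ecdsa.PublicKey) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	h := sha256.Sum256(signedData(ts, cert))
	sig, _ := ecdsa.SignASN1(rand.Reader, k, h[:])
	return SCT{ts, sig}, &k.PublicKey
}
func main() {
	cert, now := []byte("constructed certificate bytes"), time.Now()
	sct, key := issueSCT(cert, uint64(now.UnixMilli()))
	println("accepted:", VerifySCT(sct, cert, key, now) == nil)
}
```

Because the certificate bytes are part of the signed structure, an SCT lifted from one certificate fails verification when presented with another, which is the "and not some other certificate" property in the quoted text.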