[messaging] Gossip doesn't save Certificate Transparency

Chris Palmer snackypants at gmail.com
Sat Sep 27 10:04:33 PDT 2014

On Saturday, September 27, 2014, Peter Gutmann <pgut001 at cs.auckland.ac.nz>

That's always puzzled me about CT, who is going to monitor these logs, and
> why
> would they bother?  This seems to be built from the same fallacy as "open-
> source code is more secure because lots of people will be auditing the code
> for security bugs".

It's a simple matter of a shell script to scan logs for misissuance for
names you care about. Google certainly cares, EFF and other activist
organizations, PayPal, Facebook, ... Anyone who is currently a target for
misissuance will write or share that shell script.

But as Trevor says, we are off topic now...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140927/c9bc3b27/attachment.html>

More information about the Messaging mailing list