[cabfpub] [cabfman] Improving the security of EV Certificates
Hill, Brad
bhill at paypal.com
Wed Dec 18 14:01:43 MST 2013
Operators of large sites already often have relationships with companies that do brand monitoring for (potentially) fraudulent domain registrations. This is something they are comfortable outsourcing and managing, and monitoring the CT log could be done in a very similar fashion. Outsourced monitoring of CT is much more affordable and approachable than pinning, which essentially introduces yet another key management problem that brings with it costs and risks that, for any individual enterprise outside of a few very high-value targets, are greater than the risks the solution mitigates.
-Brad Hill