[cabfpub] [cabfman] Improving the security of EV Certificates
bhill at paypal.com
Wed Dec 18 21:01:43 UTC 2013
Operators of large sites already often have relationships with companies that do brand monitoring for (potentially) fraudulent domain registrations. This is something they are comfortable outsourcing and managing, and monitoring the CT log could be done in a very similar fashion. Outsourced monitoring of CT is much more affordable and approachable than pinning, which essentially introduces yet another key management problem that brings with it costs and risks that, for any individual enterprise outside of a few very high-value targets, are greater than the risks the solution mitigates.