[cabfpub] Improving the security of EV Certificates

Chris Palmer palmer at google.com
Thu Dec 19 01:25:24 UTC 2013


On Wed, Dec 18, 2013 at 5:16 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote:

> I concede that CT and pinning don't accomplish the same thing. They can
> both detect if a certificate was mis-issued for an existing web site that
> the domain owner knows about (say, www.example.com), but pinning cannot
> detect that a certificate was mis-issued for a web site that the domain
> owner doesn't know about (say, myfakesite.example.com). This is a
> shortcoming of pinning that was not apparent to me until now.
>

http://tools.ietf.org/html/draft-ietf-websec-key-pinning-09#section-2.1.2