[cabfpub] Improving the security of EV Certificates
palmer at google.com
Thu Dec 19 01:25:24 UTC 2013
On Wed, Dec 18, 2013 at 5:16 PM, Rick Andrews <Rick_Andrews at symantec.com>wrote:
I concede that CT and pinning don't accomplish the same thing. They can
> both detect if a certificate was mis-issued for an existing web site that
> the domain owner knows about (say, www.example.com), but pinning cannot
> detect that a certificate was mis-issued for a web site that the domain
> owner doesn't know about (say, myfakesite.example.com). This is a
> shortcoming of pinning that was not apparent to me until now.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public