[cabfpub] Question on CT: Monitoring

Rob Stradling rob.stradling at comodo.com
Fri Dec 20 21:42:25 UTC 2013

On 20/12/13 21:19, Eddy Nigg (StartCom Ltd.) wrote:
> Allow me to be annoying again...
> CAs don't need CT to monitor and review their issued certificates (and
> process thereof). They are REQUIRED and MUST do that already today...

AIUI, whoever breached DigiNotar was able to misissue certs and prevent 
these certs from appearing in DigiNotar's database of issued certs.

I think that a CA that monitors CT logs would be more likely to detect a 
breach than a CA that only checks their database of issued certs.

> if they don't do that today, they won't do that with CT either.

That's probably true.

