[cabfpub] Question on CT: Monitoring
rob.stradling at comodo.com
Fri Dec 20 21:42:25 UTC 2013
On 20/12/13 21:19, Eddy Nigg (StartCom Ltd.) wrote:
> Allow me to annoying again...
> CAs don't need CT to monitor and review their issued certificates (and
> process thereof). They are REQUIRED and MUST do that already today...
AIUI, whoever breached DigiNotar was able to misissue certs and prevent
these certs from appearing in DigiNotar's database of issued certs.
I think that a CA that monitors CT logs would be more likely to detect a
breach than a CA that only checks their database of issued certs.
> if they don't do that today, they wont do that with CT either.
That's probably true.
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public