[cabfpub] Upcoming changes to Google Chrome's certificatehandling
Phillip Hallam-Baker
philliph at comodo.com
Tue Nov 12 12:18:37 MST 2013
>On 12 November 2013 16:44, Phillip Hallam-Baker <philliph at comodo.com> wrote:
>> I can provide several ways to do Gossip that are completely solid with
>> respect to my security metric of a social work factor over time. I introduce
>> the concept here:
>>
>> http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-00
>>
>> What I cannot do is to provide a mechanism to allow a stand alone client to
>> evaluate the Gossip traffic and use the output of the evaluation to gate
>> certificate acceptance.
>That is not the purpose of gossip in CT. Its purpose is to reveal any
>attempts to fork a log.
Why is it a problem to fork a log?
It seems to me that forking a log is a great thing, the more independent logs we have the better. Grounding each log in another log
is the purpose of Gossip.
I think that what you are calling forking the log is an authenticity attack on the log or the log maintainer presenting different
logs to different parties.
Which are the attacks I am looking to defeat.
More information about the Public
mailing list