[cabfpub] Misissuance of certificates
Eddy Nigg
eddy_nigg at startcom.org
Mon Nov 9 17:09:16 UTC 2015
On 11/09/2015 06:52 PM, Doug Beattie wrote:
> If the public can accesses a site and can view the certificate then I
> agree the customer has made it public.
Right!
> But, publicly trusted certificates are also used within company
> firewalls on intranets.
>
True!
> In this case the customer may have an expectation (right or wrong)
> that the certificate and the FQDNs contained within it remain "private".
>
Yes!
> We had been planning to use CT with name redaction to support making
> all certificates publicly available without exposing the exact FQDNs
> being secured.
Is that even possible? I don't think so, otherwise what's the use for CT
in first place...
And with this understanding why CT should be optional and subject to the
subscriber's consent in first place I guess.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151109/737d59d6/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151109/737d59d6/attachment-0001.p7s>
More information about the Public
mailing list