[cabfpub] Ballot 161 - Notification of incorrect issuance

Sigbjørn Vik sigbjorn at opera.com
Mon Feb 1 11:33:54 MST 2016


On 01.02.2016 18:25, Wayne Thayer wrote:

> The ambiguity introduced by adding this reporting requirement to the BRs

Perhaps you would enlighten us to what you think this ambiguity consists of?

> No, all browsers don't need CT support for it to be a comprehensive reporting mechanism. Detecting unlogged certificates is effective when just one major browser requires CT.

How would you detect an unlogged certificate used in a targeted attack 
against users on vulnerable browsers?

-- 
Sigbjørn Vik
Opera Software


More information about the Public mailing list