[cabfpub] Ballot 161 - Notification of incorrect issuance
sigbjorn at opera.com
Mon Feb 1 18:33:54 UTC 2016
On 01.02.2016 18:25, Wayne Thayer wrote:
> The ambiguity introduced by adding this reporting requirement to the BRs
Perhaps you would enlighten us to what you think this ambiguity consists of?
> No, all browsers don't need CT support for it to be a comprehensive reporting mechanism. Detecting unlogged certificates is effective when just one major browser requires CT.
How would you detect an unlogged certificate used in a targeted attack
against users on vulnerable browsers?
More information about the Public