[Cryptography] Moving forward on improving HTTP's security

Fri Nov 15 18:52:26 EST 2013

On 11/15/2013 06:02 AM, James A. Donald wrote:
> 
> This being so, why should we care about CA signatures? 

Maybe in the medium/long term, perhaps. As of now, there is
I think exactly one CT log operational. Putting all eggs in
Google's basket doesn't sound like a good plan to me.

Having said that, I like CT, and I know the Google people
would like more logs to exist, and maybe there're some being
stood up already for all I know, but CT is not yet ready
for that level of prime-time. I'd say it is by far the most
credible big-DB-of-public-keys candidate at present though
so it might get there sometime.

S.