[Cryptography] TB2F CAs as (un)official browser policy

Tom Mitchell mitch at niftyegg.com
Mon Mar 23 19:35:59 EDT 2015

On Mon, Mar 23, 2015 at 4:23 AM, Rob Stradling <rob.stradling at comodo.com>

> On 20/03/15 09:34, Ben Laurie wrote:
> <snip>
>> From what I can tell, there's quite a difference between
Is there a useful system designed that could demand two or three

It seems to me that a collection of central authority resources
will always have an event at one or from time to time where
the notion of trust is not going to be absolute.

The odds of it happening to three simultaneously seems remote.

Web sites can serve up a cookie that contains the good hash of
/.CAset (and .ico) that contains a list of CAs and certs to double check.
With some cookies for local state to bootstrap the checks some
improvement seems possible especially for the traveler where Home
is well trusted.

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150323/1752c1fc/attachment.html>

More information about the cryptography mailing list