[Cryptography] TB2F CAs as (un)official browser policy

Tom Mitchell mitch at niftyegg.com
Mon Mar 23 19:35:59 EDT 2015


On Mon, Mar 23, 2015 at 4:23 AM, Rob Stradling <rob.stradling at comodo.com>
wrote:

> On 20/03/15 09:34, Ben Laurie wrote:
> <snip>
>
>> From what I can tell, there's quite a difference between
>>
>>
Is there a useful system designed that could demand two or three
certificates?

It seems to me that a collection of central authority resources
will always have an event at one or from time to time where
the notion of trust is not going to be absolute.

The odds of it happening to three simultaneously seem remote.

Web sites can serve up a cookie that contains the good hash of
/.CAset (and .ico) that contains a list of CAs and certs to double check.
With some cookies for local state to bootstrap the checks, some
improvement seems possible, especially for the traveler where Home
is well trusted.

-- 
  T o m    M i t c h e l l