[SSL Observatory] Can we really use the map? was Re: Witnessed Google certificate change again (includes details like certs, CRL...)

ArkanoiD ark at eltex.net
Wed Jan 19 23:12:53 PST 2011


I was thinking about using the Observatory data to "map out" private and national CAs that are intended to be valid within some known domain of trust (actually, to "map in" those that are not) and using that data for more paranoid validation, detecting possible mismatches.

Do you think the idea is viable?

On Wed, Jan 19, 2011 at 05:12:19PM -0700, Steingruebl, Andy wrote:
> 
> Equally bad is the current situation where any CA can hand you a cert for a domain, and you have no way to tell that they are "authorized" to make said assertion.
> 
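One way the mapping proposed in this message could be prototyped, as an added example that is not part of the original post or of the SSL Observatory code. The scoping rule (an issuer seen at least `min_seen` times and only under one top-level suffix is treated as scoped), the function names and the sample observations are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (issuer, hostname) observations; not real Observatory data.
OBSERVATIONS = [
    ("Example National CA", "portal.agency.example"),
    ("Example National CA", "tax.ministry.example"),
    ("Example National CA", "mail.agency.example"),
    ("Example Global CA", "www.shop.test"),
    ("Example Global CA", "api.service.example"),
    ("Example Global CA", "cdn.media.invalid"),
    ("Example Corp Internal CA", "wiki.corp.test"),
]

def suffix(host, labels=1):
    """Return the last `labels` DNS labels of a hostname, lower-cased."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])

def build_scope_map(observations, min_seen=3):
    """Map each issuer to the single suffix it was observed under.

    Issuers seen under several suffixes, or seen too rarely to judge,
    are left out of the map and treated as unscoped.
    """
    seen = defaultdict(list)
    for issuer, host in observations:
        seen[issuer].append(suffix(host))
    return {
        issuer: sufs[0]
        for issuer, sufs in seen.items()
        if len(sufs) >= min_seen and len(set(sufs)) == 1
    }

def check(scope_map, issuer, host):
    """Extra check to run after normal chain validation has succeeded."""
    expected = scope_map.get(issuer)
    if expected is None:
        return "unscoped"   # no scope known, nothing more to compare
    if suffix(host) == expected:
        return "ok"         # issuer is signing inside its observed scope
    return "mismatch"       # scoped issuer vouching for an outside name

if __name__ == "__main__":
    scope = build_scope_map(OBSERVATIONS)
    for issuer, host in [("Example National CA", "login.bank.test"),
                         ("Example National CA", "forms.agency.example"),
                         ("Example Global CA", "login.bank.test")]:
        print(issuer, host, check(scope, issuer, host))
```

A "mismatch" result is a signal for review or a stricter policy decision, not proof of misissuance, since the observed scope is only as complete as the scan data behind it.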



