Certificate Transparency is a promising technology, a new "relatively fair" a way otema or a new round of "government vs corporations"?

Read about Certificate Transparency (CT). A lot of thought...

There have been many initiatives against fraud, but only of them ended up with zilch. CDs which had become an insurmountable barrier in the way of the pirates so spurred the piracy that it is neigh :) SPF and DKIM, designed to protect the world from spam...well, maybe from some part of and protect, but in my opinion the first one who has mastered the SPF is a spam.

I see here several problems:

SA will start to take some money for ST
- Spammers will start to raise server logs to collect information from certificates, which often contain mailing addresses
This will complicate the work of the enterprise CA that the intention of Google and well-known SA should lead to the fact that people will cease to deploy their SA and will massively buy their certificates
- This should complicate the work of public enterprises, which sniffed SSL at the state level, such as the history of Kazakhstan - I can't remember what it was over the matter, but the announcement was
July 2nd 19 at 17:09
1 answer
July 2nd 19 at 17:11
https://www.certificate-transparency.org/what-is-ct

Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:

  • Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.
SA will start to take some money for ST
can. As well as the certificates themselves are not free.

Spammers will raise the server logs to collect information from certificates, which often contain mailing addresses
horror. Spammers spam only email, which are written in the certificates

This will complicate the work of the corporate CA that the intention of Google and well-known SA should lead to the fact that people will cease to deploy their SA and will massively buy their certificates
if corporate SA is so lazy that you can't upgrade the software to simplify their customers, then Yes

This should complicate the work of public enterprises, which sniffed SSL at the state level
well

The world is complex and without stupid conspiracy
1. Certificates are not free, but ST - just another reason to "sell air"?
2. Not only. But now the task of finding valid email adresses will be easier - put logserver Parsees data
3. What excuse of software? I have no jelanie share of corporate certificates and I did not include the ST OID in the certificate. Chrome in response, I said "or a forest, dude, you're suspicious." I chrome upgrade? :D
4. I) Because the government will come up with a new move - and will suffer the common users - Esta_Upton commented on July 2nd 19 at 17:14
:
1. You work in it? You produce code. Code material. You produce "air". You work for free?

In fact: the buyer of the certificate will now have information about your domain and the ability to monitor the situation

In your situation security over obscurity, makes your organization more vulnerable. And in fact, there is no guarantee that all signatures in your organization is not compromised

2. Now similarly
3. OK. Using the certificate inside - do not use the web out
4. For every cunning state has its own cunning people - marilyne_Roh commented on July 2nd 19 at 17:17
: 1. Yeah. And all the others who raised their server logs, they will know that you received the certificate, and that you have such and such soap. I know, I don't want to share my soap with the world I got that in the mail, enough spam.
In my organization they are certainly not compromised :)
2. Yes, now and public the postal service is drained and everything. But it will get easier.
3. Can't. I need to provide access to email from a web muzzle, with tablets, phones, certificates is in order and necessary to ensure safety.

And, by the way, I don't remember that we drank brotherhood... - Esta_Upton commented on July 2nd 19 at 17:20
:
1. Those about your soap and you know it all, but you're too shy to show it in the certificate - it is strange
"certainly not compromised" - now that was funny
2. Let me remind you, about your mail already know everything
3. Then be-kind - to provide security to its users

I would not be so sure - marilyne_Roh commented on July 2nd 19 at 17:23
Soap in the profile. Write where, when and under what circumstances was it, if so sure. Troll I, too, know how. - Esta_Upton commented on July 2nd 19 at 17:26
Well, if my soap you know and I mean know You. And I give You permission to publish it here. Go for it. - Esta_Upton commented on July 2nd 19 at 17:29
I am not a spammer :) - marilyne_Roh commented on July 2nd 19 at 17:32
And I will stock up on popcorn and think - what kind of soap they know everything. Which.. well, perhaps a dozen will be... - Esta_Upton commented on July 2nd 19 at 17:35
: Well I knew it :) As always, big words - but in the end just blah-blah-blah. I ask You not to send out spam :) I give You permission to publish right here my soap. After all it and so all know, so nothing bad will happen. - Esta_Upton commented on July 2nd 19 at 17:38

Find more questions by tags Digital certificates