
Only if there's an Expect-CT header, which is trivial to strip.



Well, no, the CT Log will include any valid certificate presented so any widespread attack will have to outright block access to the CT Logs or you're going to have a bad time.

Expect-CT only controls if the browser will warn the user if the cert is not in the logs, it does nothing about certs being entered into the CT Logs themselves.



