*2. Even if that was a requirement, they can be faked just like the certificate.... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

yuhong on March 24, 2015 | parent | context | favorite | on: Google warns of unauthorized TLS certificates trus...

2. Even if that was a requirement, they can be faked just like the certificate.

Huh?

itistoday2 on March 24, 2015 [–]

> Huh?

Read the post, it's all there: https://blog.okturtles.com/2014/09/the-trouble-with-certific...

yuhong on March 24, 2015 | [–]

Looks like a complex attack, and "not all CAs will necessarily have their own log." and same for the converse too.

itistoday2 on March 24, 2015 | | [–]

Legitimate SCTs can be used in attacks just as well (this will probably be the common case), as explained here:

https://news.ycombinator.com/item?id=9254713

yuhong on March 24, 2015 | | [–]

Yes, CT would only allow detection. Revocation would be a different problem.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact