by andrewdavidwong
3500 days ago
I don't speak for Joanna, but I interpret that quotation as saying something like: "Users are always fated to trust the 'last mile' vendor because the last mile vendor (e.g., Google Chrome) has control over what the user sees and does (i.e., sends and receives). If your Chrome browser is compromised or malicious, it can silently ignore the fact that no CT announcement is attached to a cert. In this sense, the user is fated to trust Chrome.

"Moreover, there's little feasibility in implementing any form of trust distribution for them, but this is not to say that there's little feasibility in implementing a system that keeps them relatively secure. Users running a non-malicious, non-compromised instance of Chrome do not have any form of trust distribution, since they place all their trust in Chrome (though they probably don't realize it). Nonetheless, Chrome may be keeping them relatively secure as long as it's working properly."
Do you have any thoughts on why codebase.db should exist, versus pushing the same hashes to a CT log and having clients check for CT announcements? Seems like CT is a clear improvement.