by infogulch 2315 days ago
Yes, this property (CAs are capable of creating and signing near-arbitrary certs) is inherent in the concept of Certificate Authorities in general, and the log doesn't automatically fix that because nothing can. But auditors regularly check served certificates against these logs and report unlogged certificates automatically. This can be verified in your browser with things like OCSP stapling.

You may find this useful: http://www.certificate-transparency.org/how-ct-works