|
|
|
|
|
|
by crote
197 days ago
|
|
|
Having Chrome/Firefox asynchronously check the CT log 0.1% of the time would probably be enough to solve that. CT logging is mandatory, and even a single missing cert is probably going to be an existential threat to any CA. The fact that someone is checking is already enough of a deterrent to prevent large-scale attacks. And if you're worried about spearphishing-via-MitM, you should probably stick to Tor. |
|
|