Let's Encrypt publishes Certificate Transparency logs: https://letsencrypt.org/d... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		warkdarrior on Feb 11, 2021 \| parent \| context \| favorite \| on: Preparing to Issue 200M Certificates in 24 Hours Let's Encrypt publishes Certificate Transparency logs: https://letsencrypt.org/docs/ct-logs/ You can both block certs that do not appear in the logs, and decide which certs not to trust ("everything after Friday the 13th at midnight is not trusted"), once you know the date/time of the intrusion.

est31 on Feb 11, 2021 | [–]

Chrome already blocks certs not appearing in CT logs, at least if it was issued in 2018 or newer.

mvolfik on Feb 11, 2021 | [–]

hmm, the logs are valid point. what scenario are we addressing here then?

but the issuance time isn't relevant, they can easily backdate the cert

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact