
> Everyone agrees that no evidence of mal-issued certificates exists.

This is one thing CT logs are useful for. As soon as logging certificates to a public log becomes commonplace, then misissued certificates can't be used in private without a high chance of the world being told about what's going on.



Don’t you have to trust the CA to actually log all the certs they issue? What’s to stop a rogue CA from logging all but a few key certs?


Anyone else can log a cert too. There was talk of Chromium logging any cert that chains to a public root that they find un-logged.


Nice. I had no idea such a thing existed, tbh.



