Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
CityCat42016-11-14 05:43:06
Digital certificates
CityCat4, 2016-11-14 05:43:06

Is Certificate Transparency a promising technology, a new “relatively honest” method of weaning, or a new round of “state vs corporations”?

Read about Certificate Transparency (ST). I thought a lot ...
There were many initiatives against scammers, but most of them ended in zilch. CDs, which, in theory, were supposed to become an insurmountable barrier to pirates, spurred piracy so much that it neighed :) SPF and DKIM, designed to protect the world from spam ... well, maybe they protect from some part, but - to me, the first who mastered SPF are spammers.
I see several problems here:
- CAs will start taking separate money for CTs
- Spammers will start raising log servers to collect information from certificates, which very often contain email addresses
- This will complicate the work of corporate CAs, which, according to the intention of Google and well-known CAs, should lead to the fact that people stop deploying their CAs and start buying their certificates in bulk
- This should complicate the work of government agencies that sniff SSL at the state level, such as the case with Kazakhstan - I don’t remember how it ended there, but the announcement was

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
sim3x, 2016-11-14
@sim3x

https://www.certificate-transparency.org/what-is-ct
Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:

  • Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.
CA will start taking separate money for CT
can. Just like the certificates themselves are not free.
Spammers will start raising log servers to collect information from certificates, which very often contain email addresses
horror. Spammers spam only emails that are written in certificates
This will complicate the work of corporate CAs, which, according to the intention of Google and well-known CAs, should lead to the fact that people stop deploying their CAs and start buying their certificates in bulk
if the corporate CA is so lazy that it cannot upgrade the software to simplify the work of its clients, then yes
This should complicate the work of government agencies that sniff SSL at the state level
beautiful
The world is complicated without stupid conspiracy theories

Similar questions
J
Justin Bieber2017-05-07 11:11:08
Why isn't the letsencrypt certificate updated? 1Reply
E
elisey4742017-05-09 16:25:17
How do I renew my Lets Encrypt certificate? 4Reply
D
Drynworks2015-06-01 19:37:49
How to properly install an SSL certificate when migrating from IIS to Ubuntu 14? 1Reply
A
Anton Ivanov2015-06-02 05:32:45
Checking GET fields with a request over SSL? 1Reply
P
png23782015-06-12 23:20:05
Why do PHP pages want to open as files? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question