On 1/10/18 12:19 PM, Patrick McManus wrote:
>
> Origin takes the position that certificate validity is the more
> useful signal and encourages the implementer to be extra careful about
> it now that it has more weight.. that's why the examples deal with the
> mis-issuance infrastructure (i.e. CT) and revocation (i.e. OCSP
> stapling) rather than bringing in other factors.
>
I've always viewed DNS + TLS as kind of a belt-and-suspenders kind of
thing, where one needs to mount two (usually unrelated) exploits to
successfully hijack an origin. I'm uncomfortable with backing down from
that, but this might just be due to a misperception on my part: is CT
deployed broadly enough that it provides a viable backstop against such
attacks? (On a quick glance, I believe that zero of the ten defects I
cited in my earlier message would have been thwarted by OCSP).
/a