Re: [therightkey] Impact on issue processes

Chris Palmer <palmer@google.com> Thu, 25 October 2012 23:26 UTC

To: Rick Andrews <Rick_Andrews@symantec.com>
Cc: Phillip Hallam-Baker <hallam@gmail.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>, Paul Hoffman <paul.hoffman@vpnc.org>

On Thu, Oct 25, 2012 at 3:40 PM, Rick Andrews <Rick_Andrews@symantec.com> wrote:

> It's going to cost engineering time and money for CAs to implement CT. The bean counters and execs who control the purse strings are going to ask what they'll get for their $$$. They'll ask "so if I spend this money, we won't get hacked, right?" and I would have to say no, it's no guarantee that we wouldn't get hacked, but if we got hacked we would know about it.

And the attackers have much less incentive to hack you. That is a
really big win. Obviously the cost is not $0, but the payoff is
significant. In a CT world, what does Comodo Hacker gain by causing
mis-issuance? It's a looooot less than now. Tell your bean counters
that.

> CT is *a* solution, but by no means the only possible solution. Is there another solution that might be less expensive and intrusive to implement? CAA might get us 80% of the way there for a fraction of the cost. DANE and cert pinning also help, and might be simpler to implement.

Obviously I like key pinning, but I consider CT (or a public log
solution generally) as the "true", long-term solution. Pinning would
probably continue to be of complementary value, as might
DANE/CAA/whatever else. But I consider that CT is where we want to be.

And other people are already offering to take on the really big costs.
Tell your bean counters that, too: It's a collaborative effort, and
other people have already started paying. It might be that all you
have to do is implement somebody else's design and talk to somebody
else's service (although obviously helping out sooner benefits you
too).