CA/CT Redaction: Difference between revisions

More equivocation on DNS reconnaissance
Line 19: Line 19:
===== Response =====
===== Response =====


This is an argument for security through obscurity, the value of which is given different weights by different security professionals. However, in this case, the measure will not succeed in achieving the obscurity sought because hostnames leak in a number of other ways.
This is an argument for security through obscurity, the value of which is given different weights by different security professionals. It is noted that hostnames leak in a number of other ways and so the level of obscurity this provides is also disputed; other DNS reconnaissance techniques may well work but be more complex or time consuming than simply consulting a CT server.


As for multiple wildcard certs being hard to track, they would have different serial numbers, so automated provisioning software could tell them apart without difficulty.
As for multiple wildcard certs being hard to track, they would have different serial numbers, so automated provisioning software could tell them apart without difficulty.
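Review bot: The rewritten first paragraph of the Response uses "It is noted that" and "is also disputed" without saying who notes or disputes the point, so the reader cannot tell whether this is the page's position or a summary of a debate. Suggest naming the parties or linking the discussion. The new clause that other DNS reconnaissance techniques "may well work but be more complex or time consuming than simply consulting a CT server" is also stated without support. Either cite a comparison or word it as one side's argument, since it replaces the earlier flat statement that the measure "will not succeed in achieving the obscurity sought".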