(→Redaction Reduces Visibility and Accountability To The Public: Added CA redaction by default) |
(→Logging Reveals Commercially Sensitive Information: Added threat of revealing new services) |
Line 46: | Line 46: | ||
Manufacturers using IoT certificates won't want to show the number of devices they have shipped, and redaction may help keep this information private. | Manufacturers using IoT certificates won't want to show the number of devices they have shipped, and redaction may help keep this information private. | ||
Competitors scanning CT logs could infer new product/service offerings prior to their public release. | |||
===== Response ===== | ===== Response ===== | ||
How? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged. | How? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged. | ||
Wildcard certificates would suffice for new unreleased services even when being tested publicly. Those could be replaced with fully-qualified certificates (including EV if desired) when the service is announced. | |||
=== Logging Reveals Personally Identifiable Information === | === Logging Reveals Personally Identifiable Information === |
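Review bot: The added response line ("Wildcard certificates would suffice for new unreleased services...") is appended directly after the existing "How?" response, so the Response section now answers two different claims with nothing showing which reply belongs to which. Tie each response to its claim, for example by opening the new line with "On unreleased services:" or by placing it directly under the added "Competitors scanning CT logs..." sentence. The new response also says wildcard certificates "would suffice" without saying what a wildcard certificate still puts in the log; add a sentence on that so readers can judge how far the answer covers the stated threat.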