Certificate Transparency Hack Day

Graham Cobb g+ukcrypto at cobb.uk.net
Mon Aug 12 14:12:02 BST 2013

On 03/08/13 14:48, Ben Laurie wrote:
> By the way. we updated the website, hopefully it makes it clearer:
> http://www.certificate-transparency.org/

I have read through the material and I have one question...

How does CT interact with self-signed or other limited CAs (such as
enterprise CAs)?

There are some more detailed questions as well...

Can CT be used with self-signed certificates (in theory and/or in
practice -- will any log actually accept certificates from private CAs)?

If a log does accept a self-signed certificate from a personal CA does
that in any way prevent anyone else from issuing a certificate for the
same domain (either self-signed, or from a major CA)?

If a log does accept self-signed certificates, what happens if I try to
submit a self-signed certificate for www.google.com?

Can an enterprise or individual run their own log for their certificates
and configure their client to handle both public and private logs?

Apologies if these should be obvious.


More information about the ukcrypto mailing list