← Back to context

Comment by aaomidi

3 years ago

Even if the US got lucky, those SCTs wouldn’t match the CT chain and would still be discoverable misissuance.

Yes, assuming someone captured the malicious certificate and checked. Which would have happened in this case now (after someone forgot to renew), but likely not before.

Browsers would happily accept it and IIRC they don't check against the logs.