Comment by aaomidi
3 years ago
Even if the US got lucky, those SCTs wouldn’t match the CT chain and would still be discoverable misissuance.
3 years ago
Even if the US got lucky, those SCTs wouldn’t match the CT chain and would still be discoverable misissuance.
Yes, assuming someone captured the malicious certificate and checked. Which would have happened in this case now (after someone forgot to renew), but likely not before.
Browsers would happily accept it and IIRC they don't check against the logs.
Yep - this is all because of the delayed insertion into the CT tree :(