| ▲ | JoshTriplett 4 days ago | |||||||
> Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates. Certificate Transparency thankfully means this is a tool a government could only use once if at all, and then they've burned an entire CA. | ||||||||
| ▲ | CommanderData 4 days ago | parent [-] | |||||||
Isn't certificate transparency opt-in, so any trusted CA could be a potential attack route. | ||||||||
| ||||||||