vikarti | 1 year ago

Not only. Example: Chrome on Android changed some time ago so that if a CA is in the System store (which means it got there from the manufacturer or from a user who has root access), such a CA MUST use Certificate Transparency. This rule doesn't apply if the CA is in the User store (installable by a regular user) - https://httptoolkit.com/blog/chrome-android-certificate-tran...

Another example: Yandex Browser ONLY trusts Russian NUC certs if they are in public CT logs, not otherwise (https://habr.com/ru/companies/yandex/articles/667300/ - text is in Russian) (as far as I understood, NOT trusting this CA at all is not an option for them or their users, and if a user is using Chrome/Firefox and needs access to sites which use this CA, the CA will just be installed manually, so Yandex's solution is more secure, thanks to CT).