diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/introduction.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/introduction.md b/docs/introduction.md index f10c269..65b0366 100644 --- a/docs/introduction.md +++ b/docs/introduction.md @@ -48,12 +48,12 @@ To achieve the goal of certificate mis-issuance, we want a _monitor_ that: - The attacker is unable to control two independent logs that count towards the SCT checks in web browsers. So, we need not worry about split-views and - can just download the logs and verify that they are locally consistent. + can just download the logs while verifying that they are locally consistent. - The nodes that request certificates start in good states but may be compromised sometime in the future. Detection of certificate mis-issuance is then out of scope for all domains that the compromised nodes managed. - A mis-issued certificate will only be used to target connections from a - fixed set of fixed IP addresses. Any party that can distinguish between + fixed set of IP addresses. Any party that can distinguish between certificates that are legitimate and mis-issued will never be targeted. - A domain owner notices alerts about suspected certificate mis-issuance. The monitor that generates these alerts is trusted and never compromised. |