Ideally the certificate would be worth, or have a value associated greater than that of the transactions being handled by the site it is protecting; Then the attacker has more to gain by invalidating the certificate…
Ok, so the date on this paper is 2014, but wasn't this proposed at least 2 years ago? I recall it being proposed as a countermeasure to the Iranian Google cert incident.
doh! embarassed. your right, Ben Laurie. i recall agl speaking about this recently, thats the association. Appologies to Ben and Adam :-)
Ideally the certificate would be worth, or have a value associated greater than that of the transactions being handled by the site it is protecting; Then the attacker has more to gain by invalidating the certificate…
Ok, so the date on this paper is 2014, but wasn't this proposed at least 2 years ago? I recall it being proposed as a countermeasure to the Iranian Google cert incident.
doh! embarassed. your right, Ben Laurie. i recall agl speaking about this recently, thats the association. Appologies to Ben and Adam :-)