Mozilla Binary Transparency

[Adam Eijdenberg]

Hi all,

Saw the following posted to Hackernews today:

https://wiki.mozilla.org/Security/Binary_Transparency

If I'm understanding correctly, the plan is to issue a regular X509 certificate (probably via Let's Encrypt?) per Firefox release, for a special domain name that includes a Merkle tree hash for the files in that release, with a known suffix (".fx-trans.net").

In that manner they can piggy-back on top of the CT ecosystem (including existing logs, including existing search / monitoring tools, and presumably gossip if/when that's solved).

This seems like a really cool hack!

Cheers, Adam