On Mon, 17 Dec 2018 at 18:49, Matthew Finkel matthew.finkel@gmail.com wrote:
This seems like it has the same goal as Mozilla's Binary Transparency log: https://wiki.mozilla.org/Security/Binary_Transparency
I'm not sure if Mozilla are actively working on this, but based on the two bug on that page, it seems like it isn't a priority right now: https://bugzilla.mozilla.org/show_bug.cgi?id=1341397 https://bugzilla.mozilla.org/show_bug.cgi?id=1341398
I'm playing PM for this, even though I'm not a PM. That's one of the reasons it is slow =)
BT is mostly lacking a top-down call to arms to have the disparate teams prioritize it. We've actually made good progress in the quarter, more than we have in the 3 quarters before that. We are lacking some crucial integration steps in our release pipeline though. I'm hoping we will be deploying it in none-enforcement-telemetry-make-sure-everything-is-okay mode next year.
I will note that while the goals are similar, at Mozilla we are hacking on top of the CT infrastructure rather than doing this cleanly because there isn't a production-grade BT infrastructure to work with yet.
-tom