davidben
commented
1 year ago I think this is probably out of scope. That's not to say it isn't a worthwhile problem to solve, just that I can't imagine solutions for this class of problem (binary transparency, etc.) that would interact with the MTC component. They seem truly orthogonal. Or did you have something in mind?
In the browser use case, the RP fully trusts the browser vendor, which could send forged roots.
We could have the browser vendor send the MTC CA signatures, but a nefarious browser could patch that out, if there is no binary transparency on the browser update mechanism.
There could be a more elegant transparency design.
Is this in scope, or should we group this with binary transparency?