** actors
- web user (WU)
- browser vendor (BV)
- domain owner (DO)
- ca (CA)
- mallory (MA)
- log operator (LO)
- log monitor (MO)

** key to reading stories
- long term setup is prefixed with "LT"
- medium term events are prefixed with "MT"
- short term events are prefixed with "ST"

** story 1 -- correct key, logged
- LT: BV adds root cert for CA to browser trust store
- LT: BV adds log key for LO to list of trusted logs
- MT: DO acquires certificate (CERT) for DOMAIN signed by CA
- MT: DO additionally receives a signed certificate timestamp (SCT) for CERT from CA, which CA in turn gets from LO
- MT: DO installs CERT and SCT in server
- ST: WU types DOMAIN into browser from BV
- ST: DO server sends CERT and SCT to WU browser
- ST: WU browser successfully validates CERT using trust store
- ST: WU browser successfully verifies SCT using list of trusted logs and shows the green padlock
- ST: WU browser uses the right key for DOMAIN
- ST: WU sees a green padlock
- happy ending

** story 2 -- mitm with incorrect key, not logged
- LT: BV adds root cert for CA to browser trust store
- LT: BV adds log key for LO to list of trusted logs
- MT: DO acquires certificate (CERT1) for DOMAIN signed by CA, plus SCT1 for CERT1 from LO
- MT: MA manages to get a certificate (CERT2) for DOMAIN signed by CA, but does not log it
- ST: WU types DOMAIN into browser from BV
- ST: MA intercepts traffic between WU and DO and
  - sends CERT2 to WU browser
  - connects to DO server
- ST: WU browser successfully validates CERT2 against trust store
- ST: WU browser finds no SCT for CERT2 and doesn't show the green padlock
- ST: WU browser uses the wrong key for DOMAIN
- ST: WU does not see a green padlock
- happy ending

** story 3 -- mitm with incorrect key, logged
- LT: BV adds root cert for CA to browser trust store
- LT: BV adds log key for LO to list of trusted logs
- MT: DO acquires certificate (CERT1) for DOMAIN signed by CA, plus SCT1 for CERT1 from LO
- ST: MA manages to get a certificate (CERT2) for DOMAIN signed by CA
- ST: MA logs CERT2 with LO and gets SCT2 from LO
- ST: WU types DOMAIN into browser from BV
- ST: MA intercepts traffic between WU and DO and
  - sends CERT2 and SCT2 to WU browser
  - connects to DO server
- ST: WU browser successfully validates CERT2 against trust store
- ST: WU browser successfully verifies SCT2 using list of trusted logs and shows the green padlock
- ST: WU browser uses the wrong key for DOMAIN
- ST: WU sees a green padlock
- sad ending, but see story 4

** story 4 -- domain owner learns about misissuance
- LT: MO sets up service which monitors LO log
- MT: DO acquires certificate for DOMAIN signed by CA
- MT: DO registers with MO service asking for news about DOMAIN
- ST: MO finds CERT2 from story 3 in LO log and informs DO
- ST: DO reports CERT2 to BV

** story 5 -- browser vendor kicks out ca
- ST: BV receives notice about the misissuance by CA in story 3, backed by proof found in the log and signed by LO
- ST: BV verifies the misissuance and kicks CA out of its trust store
- happy ending
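The five stories above run as one simulation below. This is an added example and not part of the original notes: it models CA, log, browser, and monitor as small classes and checks the browser's rule that a green padlock needs both a chain to the trust store and an SCT from a trusted log. Signatures are stood in for by HMAC-SHA256 so the example runs on the Python standard library alone; real Certificate Transparency uses public-key signatures, where the browser holds only the public halves. The names CA, LO, DOMAIN, DO-key and MA-key are the story's labels reused as constructed data.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# HMAC stands in for a real signature scheme (assumption of this example);
# the trust decisions below do not depend on that choice.
def _sign(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def _verify(key: bytes, payload: bytes, sig: str) -> bool:
    return hmac.compare_digest(_sign(key, payload), sig)

@dataclass(frozen=True)
class Cert:
    domain: str
    server_key: str   # the key the certificate binds to domain
    issuer: str       # CA name
    sig: str
    def payload(self) -> bytes:
        return f"{self.domain}|{self.server_key}|{self.issuer}".encode()

@dataclass(frozen=True)
class SCT:
    log_id: str
    cert_hash: str
    sig: str

class CA:
    def __init__(self, name: str):
        self.name, self.key = name, secrets.token_bytes(32)
    def issue(self, domain: str, server_key: str) -> Cert:
        unsigned = Cert(domain, server_key, self.name, "")
        return Cert(domain, server_key, self.name, _sign(self.key, unsigned.payload()))

class Log:
    def __init__(self, log_id: str):
        self.log_id, self.key, self.entries = log_id, secrets.token_bytes(32), []
    def submit(self, cert: Cert) -> SCT:
        self.entries.append(cert)   # public append-only record; the "proof" of story 5
        h = hashlib.sha256(cert.payload()).hexdigest()
        return SCT(self.log_id, h, _sign(self.key, f"{self.log_id}|{h}".encode()))

class Browser:
    def __init__(self):
        self.trust_store = {}    # LT: BV ships root certs (CA name -> key)
        self.trusted_logs = {}   # LT: BV ships log keys (log id -> key)
    def add_root(self, ca: CA): self.trust_store[ca.name] = ca.key
    def add_log(self, log: Log): self.trusted_logs[log.log_id] = log.key
    def remove_root(self, ca_name: str): self.trust_store.pop(ca_name, None)
    def connect(self, domain: str, cert: Cert, sct: Optional[SCT]) -> dict:
        ca_key = self.trust_store.get(cert.issuer)
        chain_ok = (cert.domain == domain and ca_key is not None
                    and _verify(ca_key, cert.payload(), cert.sig))
        sct_ok = False
        if sct is not None:
            log_key = self.trusted_logs.get(sct.log_id)
            h = hashlib.sha256(cert.payload()).hexdigest()
            sct_ok = (log_key is not None and sct.cert_hash == h
                      and _verify(log_key, f"{sct.log_id}|{h}".encode(), sct.sig))
        padlock = chain_ok and sct_ok   # padlock needs BOTH a trusted chain and a trusted SCT
        return {"chain_ok": chain_ok, "sct_ok": sct_ok, "padlock": padlock,
                "key_in_use": cert.server_key if padlock else None}

class Monitor:
    def __init__(self, log: Log):
        self.log, self.watch = log, {}   # domain -> certs the owner knows about
    def register(self, domain: str, known: Cert):
        self.watch.setdefault(domain, set()).add(known)
    def scan(self) -> list:
        # anything in the log for a watched domain that the owner did not register
        return [c for c in self.log.entries
                if c.domain in self.watch and c not in self.watch[c.domain]]

def run_stories() -> dict:
    ca, log, bv = CA("CA"), Log("LO"), Browser()
    bv.add_root(ca); bv.add_log(log)                                # LT setup
    cert1 = ca.issue("DOMAIN", "DO-key"); sct1 = log.submit(cert1)  # MT: DO gets CERT1 + SCT1
    cert2 = ca.issue("DOMAIN", "MA-key")                            # MT: MA gets CERT2 from CA
    mo = Monitor(log); mo.register("DOMAIN", cert1)                 # story 4 setup
    s1 = bv.connect("DOMAIN", cert1, sct1)                          # story 1
    s2 = bv.connect("DOMAIN", cert2, None)                          # story 2: CERT2 not logged
    sct2 = log.submit(cert2)                                        # story 3: MA logs CERT2
    s3 = bv.connect("DOMAIN", cert2, sct2)
    s4 = mo.scan()                                                  # story 4: MO finds CERT2
    misissued = s4 and bv.connect("DOMAIN", s4[0], sct2)["chain_ok"]  # story 5: BV checks proof
    if misissued:
        bv.remove_root("CA")
    s5 = bv.connect("DOMAIN", cert2, sct2)                          # after CA is kicked out
    return {"story1": s1, "story2": s2, "story3": s3, "story4": s4, "story5": s5, "cert2": cert2}

if __name__ == "__main__":
    for name, result in run_stories().items():
        print(name, result)
```

Story 3 is the one to look at: every check the browser can make passes, because CERT2 really is CA-signed and really is in LO's log, so the padlock appears with MA's key. Nothing on the client side distinguishes it from story 1; only the monitor in story 4, reading the same log entry that produced SCT2, can.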