Mention CT policy for private trust anchors.
BUG=NONE
Change-Id: I482b723c9d2a76fb518be37735b187ad593603f3
Reviewed-on: https://chromium-review.googlesource.com/629202
Reviewed-by: Emily Stark <[email protected]>
Cr-Commit-Position: refs/heads/master@{#496725}
diff --git a/docs/security/faq.md b/docs/security/faq.md
index da4b3d1..425bcbdc 100644
--- a/docs/security/faq.md
+++ b/docs/security/faq.md
@@ -398,6 +398,14 @@
not trust the private trust anchor, the proxy’s attempt to mediate the
connection will fail as it should.
+<a name="TOC-How-does-certificate-transparency-interact-with-local-proxies-and-filters-"></a>
+## How does Certificate Transparency interact with local proxies and filters?
+
+Just as pinning only applies to publicly-trusted trust anchors, Chrome only
+requires Certificate Transparency (CT) for publicly-trusted trust anchors. Thus
+private trust anchors, such as for enterprise middle-boxes and AV proxies, do
+not need to be publicly logged in a CT log.
+
<a name="TOC-Can-I-use-EMET-to-help-protect-Chrome-against-attack-on-Microsoft-Windows-"></a>
## Can I use EMET to help protect Chrome against attack on Microsoft Windows?
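
Review bot: The last sentence of the added paragraph says "private trust anchors ... do not need to be publicly logged in a CT log", which makes the trust anchors the thing being logged, while CT logs record the certificates issued under them. Consider rewording to something like "certificates that chain to private trust anchors, such as those for enterprise middle-boxes and AV proxies, do not need to be logged in a public CT log". The opening "Just as pinning only applies to publicly-trusted trust anchors" also leans on the preceding answer, so a reader arriving directly at the new TOC anchor would benefit from a link back to that section.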