Re: [saag] [wpkops] [pkix] Fwd: [therightkey] Certificate Transparency Working Group?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 06 September 2012 14:58 UTC
Message-ID: <5048B9FF.50801@cs.tcd.ie>
Date: Thu, 06 Sep 2012 15:58:07 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: denis.pinkas@bull.net
References: <5048B653.3080902@cs.tcd.ie>, <CABrd9ST=8iRB6+d=Oka6nnM+xaZfPcR+NMx_QAF-8+_dq1XTig@mail.gmail.com> <OF7814676F.9D502DDE-ONC1257A71.00520289-C1257A71.0052028F@bull.net>
In-Reply-To: <OF7814676F.9D502DDE-ONC1257A71.00520289-C1257A71.0052028F@bull.net>
Cc: pkix@ietf.org, wpkops@ietf.org, saag@ietf.org
Denis, all,

Please follow up on therightkey@ietf.org which is where this will
be discussed.

Thanks,
S.

On 09/06/2012 03:55 PM, denis.pinkas@bull.net wrote:
> Part of the stated objective (i.e. verify the issuance of public X.509 certificates)
> is currently addressed, within the context of OCSP, in:
>
> https://datatracker.ietf.org/doc/draft-pinkas-2560bis-certinfo/
>
> This draft is being considered within the PKIX WG.
>
> The second part of the objective (i.e. making all public issued certificates available to applications)
> may be dangerous in many situations.
>
> Denis
>
> -----pkix-bounces@ietf.org wrote: -----
> To: "saag@ietf.org" <saag@ietf.org>, "'wpkops@ietf.org'" <wpkops@ietf.org>, pkix <pkix@ietf.org>
> From: Stephen Farrell
> Sent by: pkix-bounces@ietf.org
> Date: 06/09/2012 16:42
> Subject: [pkix] Fwd: [therightkey] Certificate Transparency Working Group?
>
> Hi all,
>
> Please see below. Ben Laurie's looking to see if folks are
> interested in a BoF on Certificate Transparency for the
> IETF meeting in Atlanta.
>
> Sean and I would be fine with that, if there's sufficient
> interest etc.
>
> Please follow up on therightkey@ietf.org if this is a
> topic that's of interest to you.
>
> Thanks,
> Stephen.
>
>
> -------- Original Message --------
> Subject: [therightkey] Certificate Transparency Working Group?
> Date: Thu, 6 Sep 2012 15:32:05 +0100
> From: Ben Laurie <benl@google.com>
> To: therightkey@ietf.org
>
> Would people be interested in starting a WG on Certificate
> Transparency? If so, how about a BoF in Atlanta?
>
> Here's a draft charter...
>
>
> CT IETF WG Draft Charter
>
> Objective
>
> Specify mechanisms and techniques that allow Internet applications to
> monitor and verify the issuance of public X.509 certificates such that
> all public issued certificates are available to applications, and each
> certificate seen by an application can be efficiently shown to be in
> the log of issued certificates. Furthermore, it should be possible to
> cryptographically verify the correct operation of the log.
>
>
> Optionally, do the same for certificate revocations.
>
> Problem Statement
>
> Currently it is possible for any CA to issue a certificate for any
> site without any oversight. This has led to some high profile
> mis-issuance of certificates, such as by DigiNotar, a subsidiary of
> VASCO Data Security International, in July 2011
> (http://www.vasco.com/company/about_vasco/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx).
>
>
> The aim is to make it possible to detect such mis-issuance promptly
> through the use of a public log of all public issued certificates.
> Domain owners can then monitor this log and, upon detecting
> mis-issuance, take appropriate action.
>
>
> This public log must also be able to efficiently demonstrate its own
> correct operation, rather than introducing yet another party that must
> be trusted into the equation.
>
>
> Clients should also be able to efficiently verify that certificates
> they receive have indeed been entered into the public log.
>
>
> For revocations, the aim would be similar: ensure that revocations are
> as expected, that clients can efficiently obtain the revocation status
> of a certificate and that the log is operating correctly.
>
>
> Also, in both cases, the solution must be usable by browsers - this
> means that it cannot add any round trips to page fetches, and that any
> data transfers that are mandatory are of a reasonable size.
> _______________________________________________
> therightkey mailing list
> therightkey@ietf.org
> https://www.ietf.org/mailman/listinfo/therightkey
>
>
>
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
>
>
>
> _______________________________________________
> wpkops mailing list
> wpkops@ietf.org
> https://www.ietf.org/mailman/listinfo/wpkops
>
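The two properties the draft charter asks for, that a certificate seen by a client "can be efficiently shown to be in the log" and that a monitor can "cryptographically verify the correct operation of the log", are what a Merkle-tree log provides through inclusion proofs and consistency proofs. The following is an added example written for this page, not code from the charter, from Ben Laurie's proposal or from any IETF draft. It uses the hashing conventions later fixed in RFC 6962 (SHA-256, 0x00 prefix on leaves, 0x01 prefix on interior nodes, left subtree sized to the largest power of two below the tree size); the verifiers mirror the recursive proof construction rather than the iterative bit-shifting algorithms given in the RFCs. The "certificates" are constructed byte strings standing in for DER; no real CA or log is involved.

```python
"""Append-only Merkle log with inclusion and consistency proofs (added example)."""
import hashlib


def leaf_hash(data: bytes) -> bytes:
    # 0x00 prefix gives domain separation: a leaf can never be confused with a node.
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (requires n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def tree_hash(leaves: list) -> bytes:
    """Merkle tree hash over already-hashed leaves; the empty tree hashes to SHA-256("")."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaves[0]
    k = _split(n)
    return node_hash(tree_hash(leaves[:k]), tree_hash(leaves[k:]))


def inclusion_proof(leaves: list, m: int) -> list:
    """Audit path for leaf index m: sibling hashes ordered from the leaf up to the root."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [tree_hash(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [tree_hash(leaves[:k])]


def _root_from_inclusion(lh: bytes, m: int, n: int, path: list) -> bytes:
    # Walk the same split the log used, consuming the path from the top sibling down.
    if n == 1:
        if path:
            raise ValueError("path too long")
        return lh
    if not path:
        raise ValueError("path too short")
    k, top = _split(n), path[-1]
    if m < k:
        return node_hash(_root_from_inclusion(lh, m, k, path[:-1]), top)
    return node_hash(top, _root_from_inclusion(lh, m - k, n - k, path[:-1]))


def verify_inclusion(lh: bytes, m: int, n: int, path: list, root: bytes) -> bool:
    """Client side: does leaf hash lh sit at index m of the tree of size n with this root?"""
    if not 0 <= m < n:
        return False
    try:
        return _root_from_inclusion(lh, m, n, path) == root
    except ValueError:
        return False


def _subproof(leaves: list, m: int, b: bool) -> list:
    n = len(leaves)
    if m == n:
        return [] if b else [tree_hash(leaves)]
    k = _split(n)
    if m <= k:
        return _subproof(leaves[:k], m, b) + [tree_hash(leaves[k:])]
    return _subproof(leaves[k:], m - k, False) + [tree_hash(leaves[:k])]


def consistency_proof(leaves: list, m: int) -> list:
    """Proof that the tree over the first m leaves is a prefix of the tree over all of them."""
    return _subproof(leaves, m, True)


def _roots_from_consistency(first_root, m, n, proof, b):
    # Returns (old_root, new_root) implied by the proof; pops siblings from the top down.
    if m == n:
        if b:
            return first_root, first_root
        h = proof.pop()
        return h, h
    top, k = proof.pop(), _split(n)
    if m <= k:
        fr, sr = _roots_from_consistency(first_root, m, k, proof, b)
        return fr, node_hash(sr, top)
    fr, sr = _roots_from_consistency(first_root, m - k, n - k, proof, False)
    return node_hash(top, fr), node_hash(top, sr)


def verify_consistency(m: int, n: int, first_root: bytes, second_root: bytes, proof: list) -> bool:
    """Monitor side: was the size-m tree (first_root) extended, not rewritten, into size n?"""
    if not 0 < m <= n:
        return False
    remaining = list(proof)
    try:
        fr, sr = _roots_from_consistency(first_root, m, n, remaining, True)
    except IndexError:
        return False
    return not remaining and fr == first_root and sr == second_root


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; not real certificates.
    log = [leaf_hash(b"cert-%d" % i) for i in range(5)]
    root5 = tree_hash(log)
    print("inclusion of cert-3:", verify_inclusion(log[3], 3, 5, inclusion_proof(log, 3), root5))
    log += [leaf_hash(b"cert-5"), leaf_hash(b"cert-6")]   # the log appends two entries
    root7 = tree_hash(log)
    print("size 5 -> 7 consistent:", verify_consistency(5, 7, root5, root7, consistency_proof(log, 5)))
    rewritten = log[:]
    rewritten[1] = leaf_hash(b"cert-1-replaced")            # a log that quietly rewrote history
    print("rewritten log consistent:", verify_consistency(5, 7, root5, tree_hash(rewritten), consistency_proof(rewritten, 5)))
```

The inclusion proof is what a browser would check against a signed tree head: O(log n) hashes, no extra round trip if the proof travels with the certificate. The consistency proof is what a domain owner's monitor checks between two tree heads; a log that removes or alters an entry cannot produce one, which is the "verify the correct operation of the log" requirement without trusting a further party.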