Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Rick Andrews <Rick_Andrews@symantec.com> Thu, 06 February 2014 18:51 UTC

To: Ben Laurie <benl@google.com>, CABFPub <public@cabforum.org>, "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, "therightkey@ietf.org" <therightkey@ietf.org>

Ben,

Can you clarify something? The SCT delivery options described in the RFC are options for the web site owner, not for the CA. CAs will need to support all three options. We will have customers who won’t do stapling and can’t handle TLS extensions, so they just want the SCTs embedded in the cert. But not all customers will prefer that option. I believe other customers will want the SCT-in-the-OCSP-response or TLS extension option, because in those options you don’t have to transmit the SCTs in every SSL handshake. I suspect some of our large customers who are obsessed with performance will demand one of these options.
 
So CAs will need to support all three options, unless you’re so small a CA that your few EV customers agree on one option. Is that your expectation?

-Rick

> -----Original Message-----
> From: therightkey [mailto:therightkey-bounces@ietf.org] On Behalf Of
> Ben Laurie
> Sent: Tuesday, February 04, 2014 9:08 AM
> To: CABFPub; certificate-transparency@googlegroups.com;
> therightkey@ietf.org
> Subject: [therightkey] Updated Certificate Transparency + Extended
> Validation plan
> 
> Enclosed, our revised plan.
> 
> Comments welcome.