Re: [therightkey] [cabfpub] Thoughts on reducing SCT sizes (was Re: Updated Certificate Transparency + Extended Validation plan)
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 February 2014 17:08 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A3E31A03F9 for <therightkey@ietfa.amsl.com>; Tue, 18 Feb 2014 09:08:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-mCAPCUEU05 for <therightkey@ietfa.amsl.com>; Tue, 18 Feb 2014 09:07:57 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 7CE691A024F for <therightkey@ietf.org>; Tue, 18 Feb 2014 09:07:57 -0800 (PST)
Received: from [10.70.10.63] (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 4B45AF984; Tue, 18 Feb 2014 12:07:53 -0500 (EST)
Message-ID: <5303935D.4060206@fifthhorseman.net>
Date: Tue, 18 Feb 2014 12:07:41 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.2.0
MIME-Version: 1.0
To: "therightkey@ietf.org" <therightkey@ietf.org>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <04a001cf21cf$3a649190$af2db4b0$@digicert.com> <CAL9PXLyWFSfHz_230SkWLvr7sUROPv_k0rfKgmkMRRttk-EjGQ@mail.gmail.com> <52F2305C.5040107@comodo.com> <0b3f01cf228d$fef92e30$fceb8a90$@digicert.com> <CABrd9SR3+ByEMeXRpbMiwUatqNcoyjv=vHxgr1tdfE8p=oWH-g@mail.gmail.com> <E1BBA898-CC1E-47B5-878D-299099E71F25@entrust.com> <CABrd9SRDRzb+ZruoKbn4K5bE8bQY4k8=vi9yvj2HHtcJ97SHBQ@mail.gmail.com>
In-Reply-To: <CABrd9SRDRzb+ZruoKbn4K5bE8bQY4k8=vi9yvj2HHtcJ97SHBQ@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="pO6pjnaMc1jw0rsh2OLkQLRcDg5wV7mhJ"
Archived-At: http://mailarchive.ietf.org/arch/msg/therightkey/7DUWIs_pQljyyyf4f91mszIKzwA
Cc: "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] [cabfpub] Thoughts on reducing SCT sizes (was Re: Updated Certificate Transparency + Extended Validation plan)
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 17:08:03 -0000
On 02/18/2014 11:58 AM, Ben Laurie wrote: > On 18 February 2014 15:37, Tim Moses <tim.moses@entrust.com> wrote: >> Ben - Will Chrome deny EV status to a certificate with too few SCTs, or will it grant EV status as long as at least one of its SCTs is from a log that remains in the program? > > It will deny. Doesn't this reintroduce the perverse incentive to avoid killing a known-misbehaving log? one of the nice things about requiring corroborative SCTs on new certs is that we can kill any log that is misbehaving without any pushback from certificate-holders concerned that their site will "go dark" (or "lose the fancy green label", in this EV case). If we make it so that the EV label goes away when either of the corroborators dies, then certificate holders have incentive to support a failed log, even though this goes against the best interests of their users. --dkg
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron