Re: [therightkey] [cabfpub] Thoughts on reducing SCT sizes (was Re: Updated Certificate Transparency + Extended Validation plan)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 February 2014 17:08 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/therightkey/7DUWIs_pQljyyyf4f91mszIKzwA

On 02/18/2014 11:58 AM, Ben Laurie wrote:
> On 18 February 2014 15:37, Tim Moses <tim.moses@entrust.com> wrote:
>> Ben - Will Chrome deny EV status to a certificate with too few SCTs, or will it grant EV status as long as at least one of its SCTs is from a log that remains in the program?
> 
> It will deny.

Doesn't this reintroduce the perverse incentive to avoid killing a
known-misbehaving log?

One of the nice things about requiring corroborative SCTs on new certs
is that we can kill any log that is misbehaving without any pushback
from certificate-holders concerned that their site will "go dark" (or
"lose the fancy green label", in this EV case).

If we make it so that the EV label goes away when either of the
corroborators dies, then certificate holders have incentive to support a
failed log, even though this goes against the best interests of their users.

	--dkg