Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Adam Langley <agl@chromium.org> Wed, 05 February 2014 17:18 UTC

To: certificate-transparency <certificate-transparency@googlegroups.com>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, CABFPub <public@cabforum.org>

On Wed, Feb 5, 2014 at 11:55 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> The CT work seems to be based on the idea that other CAs exist, and even that CABForum members might not follow the CABForum rules. Those seem like good assumptions to me.

In this case I think the table was drafted with all certificates in
mind and we didn't remove the inapplicable rows when just considering
EV certificates.

In general, CAs that issue outside of the Baseline are skating on thin
ice whether they are CA/B Forum members or not. We can (and do)
enforce Baseline limits in software.


Cheers

AGL