Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
Adam Langley <agl@chromium.org> Wed, 05 February 2014 17:18 UTC
Return-Path: <agl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F1E1A00F7 for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 09:18:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8N3nkY4lzJ03 for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 09:18:20 -0800 (PST)
Received: from mail-vb0-x229.google.com (mail-vb0-x229.google.com [IPv6:2607:f8b0:400c:c02::229]) by ietfa.amsl.com (Postfix) with ESMTP id A35801A004B for <therightkey@ietf.org>; Wed, 5 Feb 2014 09:18:20 -0800 (PST)
Received: by mail-vb0-f41.google.com with SMTP id g10so519141vbg.14 for <therightkey@ietf.org>; Wed, 05 Feb 2014 09:18:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=QNykBQRJ5xWT7DcqpW6LBtrTZz5r0ESdxOJo/tQsLYQ=; b=NH8WIJtEEAk3MyuLBPLgTHc/GeYwhncN9zwMOqlcI74lwyCh/NshGjf8fBUSeXAufR 4Y9DuT2XfrD5tk+o/8L0qui0HagfOaFZ2LLRbqJ8HZloBEtFx8ymyyQsQkQw28yQnevO lkbLNg0bM4rG8zSqLiwQbMPyJIib+sBU6PTFF2ABTjQwxRwIVzepSzSMwR1S2WxHVNKM QHqVN/Ug38CB7aQfyPOshLEwMKQpg+lpmzTX7+W8ZZOtel5ouKC9prh0bBLKr7PkieH6 ZISAhUDTlwQ/uWRVtt/8giuI9d/fvt3AywVYOKTW0fVKr2yVod5X3tvGKTpxX83kRbpK OEyQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=QNykBQRJ5xWT7DcqpW6LBtrTZz5r0ESdxOJo/tQsLYQ=; b=PfzApGHiQNd9IL2pbqvKnKS8I9jRICzSJyC6Ty5V9VW5d9d/sHz4oSere54outqTnN 9314R5P4hEiWHWnu4OiyzWp5zkEwMjjuRpneW/qfMySF0fy4Yd2fdV96iUDkeR8Psvfs qWS6AhKumpjJEnzo/k/c8qZ7elxF4kZqv6W20=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=QNykBQRJ5xWT7DcqpW6LBtrTZz5r0ESdxOJo/tQsLYQ=; b=bqYRkGKN8UAc97NfHlzcQKLlnbpbaLL/vwfj1vRvWLKlhlYqrV/UGByqi2SKA58vc3 ERtJJP/4cqtdTXqA34N2XMonR2srUBDUAjWwIEUkg/gPPMGKEgmmAcwPmACbNc6RSDWG nUwAVjA5E10iW4souUw7FQH/iT9rcK82Qm+vASYPYIpzdC8clpkWX/O94N29GL3EKsBR 9e4v652T48CEzbZJjv4qi41aMypfKB6dfHjcV1cPOjt8H91jYjaI1Q6P3uXdulMW2f3s uVVSNcbqMhSj5ADEWWXg2gNvgri6iDWs27pGhdG4FXPVcSr8Hrlc8gPgtbfxrgRXCbhT pp6Q==
X-Gm-Message-State: ALoCoQkL9178C+zZ3ZyEA01dE8zl7ItarikVwnrHIg9EQvLoF9sE7Fa8O0kRRGXtKFjdu5bnP4IUJb00RewsrIoMmX8pTjb9ejsyJBf7ATEUJ/ZaRPLbEkG/GCZkTtcMYxqBxbnk0Nv/E7mchzzFyUiXlqYPNKCl0vCO6j23JU1WnypJOaCtKHcFGdZxzzbuGeFCkVRnSbaR
X-Received: by 10.58.186.132 with SMTP id fk4mr1749576vec.9.1391620699682; Wed, 05 Feb 2014 09:18:19 -0800 (PST)
MIME-Version: 1.0
Sender: agl@google.com
Received: by 10.52.104.37 with HTTP; Wed, 5 Feb 2014 09:17:59 -0800 (PST)
In-Reply-To: <C5A3D96C-64C9-4993-8F78-CCCB5272343A@vpnc.org>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <52F25835.60702@comodo.com> <C5A3D96C-64C9-4993-8F78-CCCB5272343A@vpnc.org>
From: Adam Langley <agl@chromium.org>
Date: Wed, 05 Feb 2014 12:17:59 -0500
X-Google-Sender-Auth: 6STs44PPdCLlNfTQlNfz9K2axLs
Message-ID: <CAL9PXLz-JP9pjCATZMr7-1fTrnpPkBbON1oQwbS6MDQJo9Njng@mail.gmail.com>
To: certificate-transparency <certificate-transparency@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 17:18:23 -0000
On Wed, Feb 5, 2014 at 11:55 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > The CT work seems to be based on the idea that other CAs exist, and even that CABForum members might not follow the CABForum rules. Those seem like good assumptions to me. In this case I think the table was drafted with all certificates in mind and we didn't remove the inapplicable rows when just considering EV certificates. In general, CAs that issue outside of the Baseline are skating on thin ice whether they are CA/B Forum members or not. We can (and do) enforce Baseline limits in software. Cheers AGL
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron