IETF Logo Mail Archive

Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 05 February 2014 17:37 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 577941A0122 for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 09:37:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wMILEXdvZ3E for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 09:37:52 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 34BB71A010D for <therightkey@ietf.org>; Wed, 5 Feb 2014 09:37:52 -0800 (PST)
Received: from [10.20.30.90] (50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67]) (authenticated bits=0) by hoffman.proper.com (8.14.7/8.14.7) with ESMTP id s15HHh0r028915 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 5 Feb 2014 10:17:45 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CAL9PXLz-JP9pjCATZMr7-1fTrnpPkBbON1oQwbS6MDQJo9Njng@mail.gmail.com>
Date: Wed, 05 Feb 2014 09:37:44 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <7776D195-B579-4493-9A30-B094587BE4FF@vpnc.org>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <52F25835.60702@comodo.com> <C5A3D96C-64C9-4993-8F78-CCCB5272343A@vpnc.org> <CAL9PXLz-JP9pjCATZMr7-1fTrnpPkBbON1oQwbS6MDQJo9Njng@mail.gmail.com>
To: Adam Langley <agl@chromium.org>
X-Mailer: Apple Mail (2.1827)
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, certificate-transparency <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 17:37:53 -0000

On Feb 5, 2014, at 9:17 AM, Adam Langley <agl@chromium.org> wrote:

> On Wed, Feb 5, 2014 at 11:55 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>> The CT work seems to be based on the idea that other CAs exist, and even that CABForum members might not follow the CABForum rules. Those seem like good assumptions to me.
> 
> In this case I think the table was drafted with all certificates in
> mind and we didn't remove the inapplicable rows when just considering
> EV certificates.
> 
> In general, CAs that issue outside of the Baseline are skating on thin
> ice whether they are CA/B Forum members or not. We can (and do)
> enforce Baseline limits in software.

Where "we" is Chrome, yes? Is the list of the rules you enforce published somewhere other than in the source code? If so, that would help the CT conversation a great deal.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email