IETF Logo Mail Archive

Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Rob Stradling <rob.stradling@comodo.com> Wed, 05 February 2014 15:26 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D319E1A016E for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 07:26:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.29
X-Spam-Level:
X-Spam-Status: No, score=-1.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_NET=0.611, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rE8eIQu-keTX for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 07:26:49 -0800 (PST)
Received: from ian.brad.office.comodo.net (eth5.brad-fw.brad.office.ccanet.co.uk [178.255.87.226]) by ietfa.amsl.com (Postfix) with ESMTP id 082811A00FD for <therightkey@ietf.org>; Wed, 5 Feb 2014 07:26:48 -0800 (PST)
Received: (qmail 10579 invoked by uid 1000); 5 Feb 2014 15:26:45 -0000
Received: from nigel.brad.office.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (CAMELLIA256-SHA encrypted) ESMTPSA; Wed, 05 Feb 2014 15:26:45 +0000
Message-ID: <52F25835.60702@comodo.com>
Date: Wed, 05 Feb 2014 15:26:45 +0000
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.1.1
MIME-Version: 1.0
To: Ben Laurie <benl@google.com>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com>
In-Reply-To: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, certificate-transparency@googlegroups.com, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 15:26:52 -0000

On 04/02/14 17:08, Ben Laurie wrote:
> Enclosed, our revised plan.
>
> Comments welcome.

Ben,

Table 1 and Footnote 4 seem a bit confused, wrongly implying that 
39-month EV certs do exist and/or that >39-month non-EV certs don't exist.

 >27 month EV SSL certificates shouldn't exist, as per the EV Guidelines.

 >60 month non-EV SSL certificates shouldn't have been issued by any CA 
since the BRs came into effect.

 >39 month non-EV SSL certificates shouldn't be issued from 1st April 
2015, as per the BRs.

Also, what happened to the idea of only requiring 1 SCT for a 1-month cert?

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

v2.23.0 | Report a Bug | By Email