Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan

Ryan Sleevi <sleevi@google.com> Wed, 05 February 2014 02:48 UTC

Date: Tue, 04 Feb 2014 18:48:40 -0800
From: Ryan Sleevi <sleevi@google.com>
To: Jeremy Rowley <jeremy.rowley@digicert.com>
Cc: therightkey <therightkey@ietf.org>, Ben Laurie <benl@google.com>, certificate-transparency <certificate-transparency@googlegroups.com>, Wayne Thayer <wthayer@godaddy.com>, CABFPub <public@cabforum.org>

On Tue, Feb 4, 2014 at 6:38 PM, Jeremy Rowley <jeremy.rowley@digicert.com> wrote:

> I’m confused as well.  Does that mean Android will start showing an EV
> indicator?
>
>
>
> *From:* therightkey [mailto:therightkey-bounces@ietf.org] *On Behalf Of* Wayne Thayer
> *Sent:* Tuesday, February 04, 2014 7:33 PM
> *To:* Ryan Sleevi
> *Cc:* therightkey@ietf.org; Ben Laurie;
> certificate-transparency@googlegroups.com; CABFPub
> *Subject:* Re: [therightkey] [cabfpub] Updated Certificate Transparency +
> Extended Validation plan
>
>
>
>
>
> Hi Wayne,
>
>
>
> Considering we already do not indicate EV on Android, nor have we ever, I
> don't think this perceived loss of functionality is as significant as you
> may believe.
>
>
>
> Further, considering the very real and distinct performance
> characteristics of mobile (radio warmups, RTTs, initcwnds), the idea of
> fetching OCSP, or, worse, CRLs - especially when some CAs have CRLs that
> are quite large (20+ MB) - in order to assure the EV display is...
> non-ideal. So again, the EV indicator on mobile is not as strong or as
> present as it may be on desktop platforms.
>
>
>
> In that case, what does this statement mean?
>
>
>
> Chrome for mobile platforms will cease to show EV indicators for
> certificates that are not CT qualified according to the criteria below.
>

It means that for any CAs that hope to be recognized as EV on Chrome for
mobile platforms (which include iOS), implementing CT by the dates outlined
is seen as a requirement for such treatment. We wanted to specifically call
attention to this - the whitelist is seen as a temporary measure for
Desktop, but given the unique characteristics of mobile platforms, we're
pursuing this requirement at a more aggressive pace.

While Chrome for Android - and the Chrome-based WebView, as the WebView
preceding it - do not provide special treatment for EV, any future plans
for EV indications on these platforms have incorporated the above
requirements and dates.


>
> -----Original Message-----
> From: therightkey [mailto:therightkey-bounces@ietf.org] On Behalf Of Ben
> Laurie
> Sent: Tuesday, February 04, 2014 10:08 AM
> To: CABFPub; certificate-transparency@googlegroups.com;
> therightkey@ietf.org
>
> Subject: [therightkey] Updated Certificate Transparency + Extended
> Validation plan
>
> Enclosed, our revised plan.
>
> Comments welcome.
>