Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan
Adam Langley <agl@chromium.org> Tue, 04 February 2014 19:05 UTC
Return-Path: <agl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3891A01AB for <therightkey@ietfa.amsl.com>; Tue, 4 Feb 2014 11:05:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHDeoDW2gplB for <therightkey@ietfa.amsl.com>; Tue, 4 Feb 2014 11:05:21 -0800 (PST)
Received: from mail-vb0-x22e.google.com (mail-vb0-x22e.google.com [IPv6:2607:f8b0:400c:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 965E71A01A5 for <therightkey@ietf.org>; Tue, 4 Feb 2014 11:05:21 -0800 (PST)
Received: by mail-vb0-f46.google.com with SMTP id o19so6063937vbm.33 for <therightkey@ietf.org>; Tue, 04 Feb 2014 11:05:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=V+gponN8JZ0iuOCJP4ZsYVMMsJLW08B5RbWINjqa+AE=; b=pQ1oja4/QjcOnNLlJPJg0Hd/s3LGiIRMK344YYDu0N1CfJPv18+gacn9hyj0CFk7Qo 2J//sijpsqk/foHCEBpCUzcy1WPdZnPLZQOzG2O/2509fULHmUqcMdrHJtIr7y2xYN67 D+iVz+yfdN2J6lnLxzUt/Guuq289T4h3s54IWP0tJoONVUSAYwyp04xZs9phhzSCFXgA 3CIDCtfPe8hYzA6w/L/cnzq+vIY+9B18aXgDCVGGAJUY5/SotqdPytgiqvEb3WRrELei Q0AdGpTJfiFPGMl6SwBBcnmdh8PJZeOnF6Y7AdHeDN8RMzMinPxTAFiES7h9WpKjAYXB rTkA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=V+gponN8JZ0iuOCJP4ZsYVMMsJLW08B5RbWINjqa+AE=; b=PPiN9XQwJFVcXe4TwYUOsvgn7PaB8OAGNXaBYqzVWh4tzNfJ509StGcgjz3GGnlSsQ 8gJUPGcqmLyxhxeiQ+6jACO+orfIzdfjXRsUJ7DhbfxINAc+5JMlSsIkrdd5k0roFtkW Glfzyiry2ydGa9T/AuKBS7X9QqrKDobAwdLVo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=V+gponN8JZ0iuOCJP4ZsYVMMsJLW08B5RbWINjqa+AE=; b=TtTK8lwmhX+dr6ynusDVpI8babStJo+6E62+JZaAJPJ7+RzOGDbp/OaKSYwcSshpmb 7g/I5x133qnCSl90LCu90X96242hXWt9vruIi+YR8RzHpdbVWqhKOqoRsoox+7X67s1i zV792t/1HZSDKACtxvPnRKQ2XTrpbRrCsx4NRKxFFOUdf6sAb/j2k321WFHH4CAGMxyq biIrHB3gYIm64VOyTqW1ZsZDXFqnfrkIPonssso/4lnq9iX/TEB39moCh7srR97YMhMx 5uC/A8Dw46dxNyXFUTCbP3mqngs334Uej0/2p9eFFtl39SLXVrRCBAG9fK/EsWLfiFfE RCHQ==
X-Gm-Message-State: ALoCoQlgRX/vKRldGGv1nHI1BlbHl3+Pe06edMEa3+wX39O2/nzWkRVF9z/EeAvYZWBuNGPTUsxqMR3LAkaaw7q+1R0BDZBPNxEGNH8wzgAtBddiXNiwkShJv/r8+sRyI6IEPUnoc6bS0MfzcXieO83Nl3+Qia0bqIgGSFrJIy3v8vos7+Ai64iPKMI1pNyVPmKzqS1JEKNU
X-Received: by 10.58.133.15 with SMTP id oy15mr10826530veb.19.1391540720871; Tue, 04 Feb 2014 11:05:20 -0800 (PST)
MIME-Version: 1.0
Sender: agl@google.com
Received: by 10.52.104.37 with HTTP; Tue, 4 Feb 2014 11:05:00 -0800 (PST)
In-Reply-To: <01dc01cf21db$146dac40$3d4904c0$@globalsign.com>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <04a001cf21cf$3a649190$af2db4b0$@digicert.com> <01dc01cf21db$146dac40$3d4904c0$@globalsign.com>
From: Adam Langley <agl@chromium.org>
Date: Tue, 04 Feb 2014 14:05:00 -0500
X-Google-Sender-Auth: h-vMCTAikDqyE3Xvgy5Wte9ROPo
Message-ID: <CAL9PXLzFNCmwrQVBJKPuB8v2hSe6akT-rFku=p60PicLYH8JMA@mail.gmail.com>
To: certificate-transparency <certificate-transparency@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Cc: therightkey <therightkey@ietf.org>, Ben Laurie <benl@google.com>, Jeremy Rowley <jeremy.rowley@digicert.com>, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2014 19:05:23 -0000
On Tue, Feb 4, 2014 at 1:58 PM, Doug Beattie <doug.beattie@globalsign.com> wrote: > The number of proofs should be related to the reputation of the CA, the number > of years the CA has been in business I think you're assuming that a larger number of proofs is designed to catch possible malpractice on the part of the CA, but that's not it at all. The aim is to make sure that bad /logs/ can be distrusted. The major obstacle to killing logs is that certificates depend on the proofs and that, if we killed all the logs that a certificate was depending on, the site in question might go dark. In order to make sure that logs can be distrusted without blowback, the number of proofs increases as the duration of the certificate does. Thus, even if we kill one log every 12 months (which we certainly hope not to do!), longer lived certificates would still be functional towards the end of their lives. Cheers AGL
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron