Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan
"Jeremy Rowley" <jeremy.rowley@digicert.com> Wed, 05 February 2014 16:29 UTC
Return-Path: <jeremy.rowley@digicert.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B59581A00EE for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 08:29:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.837
X-Spam-Level:
X-Spam-Status: No, score=-4.837 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3aeuA24kCgS2 for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 08:29:50 -0800 (PST)
Received: from mail.digicert.com (mail.digicert.com [64.78.193.232]) by ietfa.amsl.com (Postfix) with ESMTP id 29B521A0119 for <therightkey@ietf.org>; Wed, 5 Feb 2014 08:29:50 -0800 (PST)
Received: from JROWLEYL1 (unknown [67.137.52.7]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.digicert.com (Postfix) with ESMTPSA id 60EBBAE309; Wed, 5 Feb 2014 09:29:49 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digicert.com; s=mail; t=1391617789; bh=tVNt3Lr88vLMnq6alwUOF+wvkKMpf0El8/e1oKv7utg=; h=From:To:Cc:References:In-Reply-To:Subject:Date; b=QDhpum4cPsUz0LgQ4lKxkmaA3aPf0yw9JTUXx6Q9beDV6ZKCJNumeYwqcX8iNF7wX zLualaZ7RrkPsD/+VSeuHF8bu+e+rF6Bg0zPVBesdvlK7aYnsnfIiMeXFCjnNf3VA/ DrksLKGkL0KBgJ37dRB3NPKDx3fLZzuorkvNPdvo=
From: Jeremy Rowley <jeremy.rowley@digicert.com>
To: 'Adam Langley' <agl@chromium.org>, 'certificate-transparency' <certificate-transparency@googlegroups.com>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <52F25835.60702@comodo.com> <CAL9PXLzCqvBGW=Du9ZAdMXiVgcO8WJHXf+wG7EuzE2246TFEmg@mail.gmail.com>
In-Reply-To: <CAL9PXLzCqvBGW=Du9ZAdMXiVgcO8WJHXf+wG7EuzE2246TFEmg@mail.gmail.com>
Date: Wed, 05 Feb 2014 09:29:44 -0700
Message-ID: <0b6601cf228f$805d0040$811700c0$@digicert.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQGGS/IGH2GP3iOZeF9RA+GsPjuqQQMYIoXUAMQ1K+ybGaPEQA==
Content-Language: en-us
Cc: therightkey@ietf.org, 'CABFPub' <public@cabforum.org>
Subject: Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 16:29:51 -0000
We've issued one month certs before. We would have used shorter certs if the CAB Forum had relaxed the OCSP requirements. Since these are supposed to be extremely streamlined, one SCT would be great. Jeremy -----Original Message----- From: public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] On Behalf Of Adam Langley Sent: Wednesday, February 05, 2014 8:40 AM To: certificate-transparency Cc: therightkey@ietf.org; CABFPub Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling@comodo.com> wrote: > Also, what happened to the idea of only requiring 1 SCT for a 1-month cert? I'm to blame for that. Certificates with a single SCT put a lower bound on how quickly we can distrust a log (at least without special measures, such as shipping the whole, public log hashes to all the clients, which is probably impractical.) Since I'm not aware of any CAs issuing one month certs, and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that should be dropped. Cheers AGL _______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron