Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan

Ben Laurie <benl@google.com> Sat, 08 February 2014 13:28 UTC

From: Ben Laurie <benl@google.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: therightkey <therightkey@ietf.org>, Adam Langley <agl@chromium.org>

On 5 February 2014 16:51, Carl Wallace <carl@redhoundsoftware.com> wrote:
>
> On 2/4/14, 2:41 PM, "Adam Langley" <agl@chromium.org> wrote:
>
>>On Tue, Feb 4, 2014 at 2:10 PM, Jeremy Rowley
>><jeremy.rowley@digicert.com> wrote:
>>> I do not think this is correct.  The number of proofs actually
>>>increases as you decrease validity periods.
>>
>>Consider a certificate setting out on a journey. It always needs to
>>have identity papers with it because the Browser Police are always on
>>the lookout for unregistered certificates. However, the Browser Police
>>sometimes decide that certain forms of ID are no longer acceptable and
>>so a certificate needs to carry several forms of ID with it. If it's
>>setting out on a one year journey it's wise to have two forms of ID
>>because one might become distrusted over the year, but it's
>>vanishingly unlikely that both would be.
>>
>>However, if our plucky certificate is setting out on a two year
>>journey then it's wise to carry three forms of ID just in case two
>>become useless while it's out in the world. The longer it'll be out,
>>the more forms of id it should carry to ensure that one is always
>>acceptable.
>
> This would be more clear if the section of the document that notes Chrome
> will periodically refresh the list of qualifying logs also indicated the
> list of formerly qualifying logs will also be updated.  You will need both
> lists.

Good point, I will update the document.
