Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
Adam Langley <agl@chromium.org> Wed, 05 February 2014 15:40 UTC
Return-Path: <agl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 476DA1A01AF for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 07:40:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQm3zU_y41-Y for <therightkey@ietfa.amsl.com>; Wed, 5 Feb 2014 07:40:11 -0800 (PST)
Received: from mail-vb0-x235.google.com (mail-vb0-x235.google.com [IPv6:2607:f8b0:400c:c02::235]) by ietfa.amsl.com (Postfix) with ESMTP id 89DC81A0192 for <therightkey@ietf.org>; Wed, 5 Feb 2014 07:40:11 -0800 (PST)
Received: by mail-vb0-f53.google.com with SMTP id p17so405077vbe.26 for <therightkey@ietf.org>; Wed, 05 Feb 2014 07:40:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=UYIs/mirxWiCI2VOjALiVBRBL/ASuTCdXDbDt6dVNRE=; b=iwNr5vYOLUnua339P9CkjcQSuuLtd+ByWMOTidCGjFXc+P77iibGGXRvfRcwGP0b6b i/gMs+P0vvfnGQP8xsx9L3KjrCccSwk0bWH2JDRzoS4shiBfe5J5zffq6OTmvJFfNajO N3UaI8ZOwQ2i+kJfCI8SXf0gpznHH4Q7jidXcR9gGDqhfKSuHtwiEbC8AiWS3074OPut 5QMQYf1ZU38MPedNLX+JBJaVfPF2RqPFutytWS2pUnYx67CzimaYRtj6n5KBVa9xQZiW CfmF0vWFO0sDXoQyTscQlMwS2wGMLy7HVtBGaDcUCZzMJIUrlpawFBYkDQHwEUwu8Sdk aj3A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=UYIs/mirxWiCI2VOjALiVBRBL/ASuTCdXDbDt6dVNRE=; b=RFdeWBbU9maF/kXToxOwssTbDoqC52WjKUKf3BJaSnPBcfDcc9HUC9WFxOu1h8Mfci EVIj4SLY3gEErIlKy/54VcdJ4Vf/yGQinTmCDyPKAF05d3gCvm7vQLbt9Eap+ZPil2Km RmMTR5N8gbJ1WdcZor30CdjMssSnmUoN87bwU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=UYIs/mirxWiCI2VOjALiVBRBL/ASuTCdXDbDt6dVNRE=; b=ElpRPsvw9Iwehk5OUCCWSqCgPM5C6KxmvzKIVlPWSxbxiRD0vEpzQDaEynLw0R4om/ Uf0vizfyYCG5bBfx3Rma7er78SjGx4QOQQ6o7E8se9GZViSXojSNaY+lU8txshfFXkps 5M2gETI8N1uRccoK7+nrxjmJ/CsiiNfKdRxeQM/1Sdl09kfhuHokfM2znGi+gFfUB/1g NhRu2AmnkpIYQ/IZW0gHvyqNg79lignwiNO+oXNifyNGKD4r5zv6Wv6Qh1achDlVaa6/ r+pdAoPs7xCFC4cnw4DngGkRYg11CDgDsiZ6AUaMOcCt2UBwW7Bau4HHX4j4oFG5cGP2 eBVg==
X-Gm-Message-State: ALoCoQmQxvxT4KwXpgvay48pmz+z2HNrWvW8CXPdWF+rRXhpCEzpC+15QaK8t/dw6dfeLh3W4UrCUOCT+uO+G3vVtkXGR6+8o696daPZkvpTHaS8lI+VYwo0ll5+J26GH10O5arJbSB79Owx0rRKdwyDl79Ej+ErY0lllu07xBf8iHWFVx1PBHv9pPx1KTmwVP+cmIzwPH5b
X-Received: by 10.58.123.70 with SMTP id ly6mr1470896veb.26.1391614810670; Wed, 05 Feb 2014 07:40:10 -0800 (PST)
MIME-Version: 1.0
Sender: agl@google.com
Received: by 10.52.104.37 with HTTP; Wed, 5 Feb 2014 07:39:49 -0800 (PST)
In-Reply-To: <52F25835.60702@comodo.com>
References: <CABrd9STwBDxwB1vtmS9Ozb5e_7D=zfOqkOBeAaT2HG7X-cw5gw@mail.gmail.com> <52F25835.60702@comodo.com>
From: Adam Langley <agl@chromium.org>
Date: Wed, 05 Feb 2014 10:39:49 -0500
X-Google-Sender-Auth: FEWZjBCL_cqzaM2x0hHG0a0WJgM
Message-ID: <CAL9PXLzCqvBGW=Du9ZAdMXiVgcO8WJHXf+wG7EuzE2246TFEmg@mail.gmail.com>
To: certificate-transparency <certificate-transparency@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>, CABFPub <public@cabforum.org>
Subject: Re: [therightkey] Updated Certificate Transparency + Extended Validation plan
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey/>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 15:40:13 -0000
On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling@comodo.com> wrote: > Also, what happened to the idea of only requiring 1 SCT for a 1-month cert? I'm to blame for that. Certificates with a single SCT put a lower bound on how quickly we can distrust a log (at least without special measures, such as shipping the whole, public log hashes to all the clients, which is probably impractical.) Since I'm not aware of any CAs issuing one month certs, and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that should be dropped. Cheers AGL
- [therightkey] Updated Certificate Transparency + … Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] Updated Certificate Transparenc… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… Wayne Thayer
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- [therightkey] Thoughts on reducing SCT sizes (was… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] EXTERNAL: Re: [cabfpub] Updated… Mehner, Carl
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Thoughts on reducing … Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Jeremy Rowley
- Re: [therightkey] [cabfpub] Updated Certificate T… Carl Wallace
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Paul Hoffman
- Re: [therightkey] Updated Certificate Transparenc… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] Updated Certificate Transparenc… Adam Langley
- Re: [therightkey] [cabfpub] Updated Certificate T… Ryan Sleevi
- Re: [therightkey] [cabfpub] Updated Certificate T… michal.proszkiewicz
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] Updated Certificate Transparenc… Rick Andrews
- Re: [therightkey] [cabfpub] Updated Certificate T… Chema López González
- Re: [therightkey] Updated Certificate Transparenc… Ben Laurie
- Re: [therightkey] [cabfpub] Updated Certificate T… kirk_hall@trendmicro.com
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Tim Moses
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Thoughts on reducing … Ben Laurie
- Re: [therightkey] [cabfpub] Thoughts on reducing … Daniel Kahn Gillmor
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… i-barreira
- Re: [therightkey] [cabfpub] Updated Certificate T… Rob Stradling
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron
- Re: [therightkey] [cabfpub] Updated Certificate T… Mat Caughron