Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Ben Laurie <benl@google.com> Wed, 05 February 2014 12:44 UTC

On 5 February 2014 01:47, Wayne Thayer <wthayer@godaddy.com> wrote:
> I'm somewhat confused by the following two points:
>
>>> 5. By July 2014 all EV certificates with validity periods beyond [July
>>> 2014] should be logged in at least [one] qualifying log (see below).
>>> 6. On 1 Jan 2015 Chrome will create a whitelist of valid EV certificates
>>> already issued without an embedded SCT [issued by CAs participating in
>>> CT] from all qualifying logs.
>
> If EV certificates issued prior to 1 Jan 2015 will be whitelisted, what is
> the purpose of point #5?

Sorry, this wasn't particularly clear. By "logged in a qualifying log"
we meant also that the certificate should include an appropriate
number of SCTs. The whitelist _may_ not include certificates issued
after July 2014.