Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan
Ryan Sleevi <sleevi@google.com> Wed, 05 February 2014 01:55 UTC
To: Wayne Thayer <wthayer@godaddy.com>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Ben Laurie <benl@google.com>, "certificate-transparency@googlegroups.com" <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>
On Tue, Feb 4, 2014 at 5:47 PM, Wayne Thayer <wthayer@godaddy.com> wrote:

> I'm somewhat confused by the following two points:
>
> >>5. By July 2014 all EV certificates with validity periods beyond [July 2014] should be logged in at least [one] qualifying log (see below).
> >>6. On 1 Jan 2015 Chrome will create a whitelist of valid EV certificates already issued without an embedded SCT [issued by CAs participating in CT] from all qualifying logs.
>
> If EV certificates issued prior to 1 Jan 2015 will be whitelisted, what is the purpose of point #5?
>
> Also, regarding point #7, I understand if it's not practical to distribute a large whitelist to mobile platforms, but IMO retroactively removing the EV indicator from existing certs rather than letting them naturally expire before enforcing CT on mobile platforms creates a bad EV experience in return for little additional transparency & security.
>
> Thanks,
>
> Wayne

Hi Wayne,

Considering we already do not indicate EV on Android, nor have we ever, I don't think this perceived loss of functionality is as significant as you may believe.

Further, considering the very real and distinct performance characteristics of mobile (radio warmups, RTTs, initcwnds), the idea of fetching OCSP, or, worse, CRLs - especially when some CAs have CRLs that are quite large (20+ MB) - in order to assure the EV display is... non-ideal.

So again, the EV indicator on mobile is not as strong or as present as it may be on desktop platforms.

> -----Original Message-----
> From: therightkey [mailto:therightkey-bounces@ietf.org] On Behalf Of Ben Laurie
> Sent: Tuesday, February 04, 2014 10:08 AM
> To: CABFPub; certificate-transparency@googlegroups.com; therightkey@ietf.org
> Subject: [therightkey] Updated Certificate Transparency + Extended Validation plan
>
> Enclosed, our revised plan.
>
> Comments welcome.