Re: [therightkey] draft-laurie-pki-sunlight-02

Ben Laurie <benl@google.com> Thu, 15 November 2012 14:32 UTC

From: Ben Laurie <benl@google.com>
To: Chris Richardson <chris@randomnonce.org>
Cc: therightkey@ietf.org

On 15 November 2012 02:09, Chris Richardson <chris@randomnonce.org> wrote:
> I have a few questions and comments on this document:
>
> A general comment: What should a log do if it receives multiple
> submissions of the same certificate?  It MUST detect and reject
> duplicates?  SHOULD detect?  What if it receives a certificate
> containing an embedded SCT from itself?  MUST/SHOULD/MAY reject?

MAY return the same SCT as last time - this is already fixed in the
next version (which I couldn't submit coz of cutoff dates).

> Section 1.1 fixes the hash algorithm as SHA-256.  It makes no mention
> of acceptable digital signature algorithms.
> http://www.certificate-transparency.org/sizes indicates the thinking
> is ECC.  Is RSA an acceptable signature algorithm?

Yes, but obviously expensive, since a certificate should usually
contain more than one SCT.

>
> Section 2.1: Shouldn't Version be covered by the signature in a
> SignedCertificateTimestamp?  I'd think it would be beneficial to be
> able to verify that the signature was intended for the same version as
> is claimed in the unsigned portion.

Yes, this is already fixed, also.

> Section 2.2 (minor edit): upon first read, the units of old_tree_size
> weren't clear (leaf count?  bytes?)  The description of tree_size is
> explicit on the units ("number of entries").  I would appreciate it if
> old_tree_size had similar text.

OK.

> Section 2.3 (minor edit): the last bullet uses the term
> tree_signature, when the rest of the text uses tree_head_signature.

Oops.

I'm travelling this week, but will try to get an update out next week.

>
> Regards,
> Chris
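
An added illustration of two points from the exchange above (not code from the draft, the thread, or the CT project): a log that returns the same SCT when a certificate is resubmitted, and what a verifier can and cannot detect depending on whether the version is inside the signed data. HMAC-SHA256 stands in for the log's signature, and the field layout, `ToyLog`, `signed_input` and the key are constructed for this sketch.

```python
import hashlib
import hmac
import struct

LOG_KEY = b"constructed-demo-key"  # assumption: stand-in for the log's signing key


def signed_input(version: int, timestamp_ms: int, cert: bytes, cover_version: bool) -> bytes:
    """Bytes the signature is computed over (simplified, hypothetical layout)."""
    body = struct.pack(">Q", timestamp_ms) + hashlib.sha256(cert).digest()
    return (struct.pack(">B", version) + body) if cover_version else body


class ToyLog:
    def __init__(self, version: int = 0, cover_version: bool = True):
        self.version = version
        self.cover_version = cover_version
        self.issued = {}  # SHA-256(cert) -> SCT already handed out

    def submit(self, cert: bytes, now_ms: int) -> dict:
        key = hashlib.sha256(cert).digest()
        if key in self.issued:
            return self.issued[key]  # duplicate submission: same SCT as last time
        data = signed_input(self.version, now_ms, cert, self.cover_version)
        sct = {"version": self.version, "timestamp": now_ms,
               "signature": hmac.new(LOG_KEY, data, hashlib.sha256).digest()}
        self.issued[key] = sct
        return sct


def verify(sct: dict, cert: bytes, cover_version: bool) -> bool:
    data = signed_input(sct["version"], sct["timestamp"], cert, cover_version)
    expected = hmac.new(LOG_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sct["signature"])


def demo() -> dict:
    cert = b"constructed certificate bytes"
    results = {}
    for cover in (False, True):
        log = ToyLog(cover_version=cover)
        first = log.submit(cert, now_ms=1352989945000)
        again = log.submit(cert, now_ms=1352989999000)
        relabelled = dict(first, version=1)  # unsigned field altered after issuance
        # (duplicate got same SCT, genuine SCT verifies, relabelled SCT verifies)
        results[cover] = (first == again, verify(first, cert, cover),
                          verify(relabelled, cert, cover))
    return results


if __name__ == "__main__":
    print(demo())
```

With the version outside the signed data, the relabelled SCT still verifies; with it inside, verification fails.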