Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan

"Jeremy Rowley" <jeremy.rowley@digicert.com> Tue, 04 February 2014 17:33 UTC

From: Jeremy Rowley <jeremy.rowley@digicert.com>
To: 'Ben Laurie' <benl@google.com>, 'CABFPub' <public@cabforum.org>, certificate-transparency@googlegroups.com, therightkey@ietf.org
Date: Tue, 04 Feb 2014 10:33:32 -0700

Three or four proofs for a 27-month certificate is way too many. The number of proofs should be decided based on the customer's risk profile, not a set number based on certificate lifecycle. Adding 400 bytes per certificate will make EV certificates unusable by entities concerned with performance.

Jeremy

-----Original Message-----
From: public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] On Behalf Of Ben Laurie
Sent: Tuesday, February 04, 2014 10:08 AM
To: CABFPub; certificate-transparency@googlegroups.com; therightkey@ietf.org
Subject: [cabfpub] Updated Certificate Transparency + Extended Validation plan

Enclosed, our revised plan.

Comments welcome.