Re: [therightkey] Updated Certificate Transparency + Extended Validation plan

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 05 February 2014 16:55 UTC


On Feb 5, 2014, at 7:26 AM, Rob Stradling <rob.stradling@comodo.com> wrote:

> Table 1 and Footnote 4 seem a bit confused, wrongly implying that 39-month EV certs do exist and/or that >39-month non-EV certs don't exist.
> 
> >27 month EV SSL certificates shouldn't exist, as per the EV Guidelines.
> 
> >60 month non-EV SSL certificates shouldn't have been issued by any CA since the BRs came into effect.
> 
> >39 month non-EV SSL certificates shouldn't be issued from 1st April 2015, as per the BRs.

The above seems to be based on the belief that no one other than CABForum members issues certificates. It also seems to be based on the idea that no CABForum member will ever not follow the current-at-the-time CABForum rules.

The CT work seems to be based on the idea that other CAs exist, and even that CABForum members might not follow the CABForum rules. Those seem like good assumptions to me.

--Paul Hoffman