Re: [therightkey] [cabfpub] Updated Certificate Transparency + Extended Validation plan

Adam Langley <agl@chromium.org> Tue, 04 February 2014 20:19 UTC

From: Adam Langley <agl@chromium.org>
Date: Tue, 04 Feb 2014 15:19:02 -0500
To: Jeremy Rowley <jeremy.rowley@digicert.com>
Cc: therightkey <therightkey@ietf.org>, certificate-transparency <certificate-transparency@googlegroups.com>, CABFPub <public@cabforum.org>

On Tue, Feb 4, 2014 at 3:10 PM, Jeremy Rowley
<jeremy.rowley@digicert.com> wrote:
> If the certificate sets out on a two year journey with a passport, it might
> realize this is better than grabbing a utility bill and phone receipt.  Why
> would it carry garbage when it already has something everyone accepts?

We don't want to be in the position where we can't distrust a log
(*any log*) because it would render certificates invalid. Which is why
we're specifying that certificates carry multiple SCTs.


Cheers

AGL
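
The reasoning in the reply above, worked through as an added example (not part of the original message and not code from Chrome or any CT implementation): given an inventory of certificates and the logs their SCTs come from, it lists which certificates would stop validating if any single log were distrusted. The log IDs, certificate names and the `min_scts` threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: log IDs and certificate names are invented for
# illustration and do not refer to real CT logs or certificates.
@dataclass(frozen=True)
class Cert:
    name: str
    sct_logs: frozenset  # IDs of the logs that issued the SCTs the cert carries

INVENTORY = [
    Cert("shop.example", frozenset({"log-a"})),
    Cert("www.example", frozenset({"log-a", "log-b"})),
    Cert("api.example", frozenset({"log-a", "log-b", "log-c"})),
    Cert("mail.example", frozenset({"log-b", "log-c"})),
]
TRUSTED_LOGS = {"log-a", "log-b", "log-c"}


def is_compliant(cert, trusted_logs, min_scts=1):
    """A cert passes if at least min_scts of its SCTs come from trusted logs.

    min_scts is an assumed policy parameter, not a value from the message.
    """
    return len(cert.sct_logs & trusted_logs) >= min_scts


def distrust_impact(inventory, trusted_logs, min_scts=1):
    """For each trusted log, list the certs that are compliant now but would
    stop being compliant if that single log were distrusted."""
    impact = {}
    for log in sorted(trusted_logs):
        remaining = trusted_logs - {log}
        impact[log] = [
            c.name for c in inventory
            if is_compliant(c, trusted_logs, min_scts)
            and not is_compliant(c, remaining, min_scts)
        ]
    return impact


if __name__ == "__main__":
    for log, broken in distrust_impact(INVENTORY, TRUSTED_LOGS).items():
        print(f"distrust {log}: {len(broken)} cert(s) invalidated {broken}")
```

A log whose list is non-empty is one that cannot be distrusted without breaking certificates; certificates carrying SCTs from several logs keep every list empty.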