Re: [Trans] making progress on precertificate discussion

Melinda Shore <melinda.shore@gmail.com> Fri, 03 October 2014 19:58 UTC

Message-ID: <542EFFE4.90908@gmail.com>
Date: Fri, 03 Oct 2014 11:58:28 -0800
From: Melinda Shore <melinda.shore@gmail.com>
To: trans@ietf.org
References: <542E7EFC.4050202@gmail.com> <542EF87B.5010105@bbn.com>
In-Reply-To: <542EF87B.5010105@bbn.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/FZPGeKblZxgX1Dq3t9SJElW6CV0

On 10/3/14 11:26 AM, Stephen Kent wrote:
> I'm confused by the last sentence above. One can issue a cert at the
> same time a pre-cert is issued, but the cert does not contain the
> SCT that will be generated by the log, so the parallel issuance seems
> redundant, and I'm not sure how it helps.

This goes to the question of whether or not the serial number
is knowable at the time the precertificate is constructed.
I don't know much beyond that; this is based on implementation
reports from an American CA.

> I'd feel more comfortable on this topic if we had the results
> of the CABF member poll I suggested. Is there any progress on
> that front?

It's underway, and so far nobody is saying that the serial number
issue is a block to implementation.  I'm very concerned that
we have not been able to close this issue for over six months,
and that while several people have raised concerns on
principle, nobody who's actually implementing this on the CA side
has said that this is a show-stopper, or even enough of a difficulty
to raise it with us.  We're very open to revisiting this if there's
new information.

Melinda