Re: [Trans] CT and non-public CAs
Ben Laurie <benl@google.com> Tue, 13 May 2014 12:42 UTC
Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE341A00A8 for <trans@ietfa.amsl.com>; Tue, 13 May 2014 05:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.029
X-Spam-Level:
X-Spam-Status: No, score=-2.029 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psco6XfGdtQ7 for <trans@ietfa.amsl.com>; Tue, 13 May 2014 05:42:40 -0700 (PDT)
Received: from mail-ve0-x233.google.com (mail-ve0-x233.google.com [IPv6:2607:f8b0:400c:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id C802E1A00A5 for <trans@ietf.org>; Tue, 13 May 2014 05:42:39 -0700 (PDT)
Received: by mail-ve0-f179.google.com with SMTP id oy12so338565veb.10 for <trans@ietf.org>; Tue, 13 May 2014 05:42:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=oBL0/EHSKOYuAKWBCrcoOPMYosBdPRE9Zj/Dpo9kTOU=; b=ppzwUhfILGL1nw2nv0GJRjxrwpV1lIOENe3E8SIxETLT1C0zl49Gh3jMkjZmbghyim Qalm9C3AGXFvRxjm/DwFWvyaYtd780ufgpwnWLbmX4h1WFdT/K7mZJ2TcnS0s0Xhub/Q 61EEumMlMhnibH6yAjX3ZNoLtVUksdiusnDFi/uV1MF0mj+8NRqPxRgOmzafuuJbYbQt gVRkxXR25op59MySqiSuv6nIL+UDt4mv9FdP4bsVuSC13jkbshDiUe+tiQ6aUM0pS4d2 jeiT0LNrHGAYR3wkqBXPWUB53BEg/yWoSthDlT8oOp5pr1EEtllsV7xo27fAVDfO2ScH 9ogQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=oBL0/EHSKOYuAKWBCrcoOPMYosBdPRE9Zj/Dpo9kTOU=; b=mqKTMA5Q7yz+DE7Zaq80hjYGW2AC45KYoIKHVmaC96qOzftTMKmRXE3NVFXVub9/nz papFZrgjxrWCtsvlxNSAklsshs7oV2ul9OCr1+JLcXla9/dDLOzbCuasYvUbUINZXW5V GhOYLjBTPNSlsB1GkUXEK0s/Z0/3Ce9M3uWXBuy4IOHvDJpOjx1V19ELiknC6hJv4Lpw XXJJ6NlqCuLr+HoPU4bc06rgIEBpjjUNxZ+YUdnuaTDq9R1z5vBFs8Lx7pXEXiyxQgGJ XrHWTIOsGZ95ZWCJGdguWrhmH/M6A+FLJUGDben+hQaMZWLLcEXb329L+9E+HR1SfbiO 7nHQ==
X-Gm-Message-State: ALoCoQkzCVDpBxgevl5OYlfPdy3lpIBao7YsqZbSnM8t8cab20WjxkDgfXNtaG04kRSJFDVUwDfr
MIME-Version: 1.0
X-Received: by 10.58.188.14 with SMTP id fw14mr267355vec.14.1399984953150; Tue, 13 May 2014 05:42:33 -0700 (PDT)
Received: by 10.52.252.97 with HTTP; Tue, 13 May 2014 05:42:33 -0700 (PDT)
In-Reply-To: <CADqLbzK7Ss80RDo946qKAQ6rYY4ypNYCL3AAzWCxB4rWc4aqAQ@mail.gmail.com>
References: <CADqLbzK7Ss80RDo946qKAQ6rYY4ypNYCL3AAzWCxB4rWc4aqAQ@mail.gmail.com>
Date: Tue, 13 May 2014 13:42:33 +0100
Message-ID: <CABrd9SSMDhh-1gkvAaO3WuFZQLUQvu9Yvm573vqCMCjf2+Mi3A@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
Content-Type: multipart/alternative; boundary="089e010d8498d2f23804f947652f"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/OplWJ7VA_nlrY5IkaJMqkr3m9yI
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] CT and non-public CAs
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 12:42:41 -0000
On 13 May 2014 13:19, Dmitry Belyavsky <beldmit@gmail.com> wrote: > Hello All, > > A lot of companies have their own CAs for their internal purposes > (intranets, VPNs, etc). > If CT support will be widely used, does it mean that such companies will > have to configure their own (non-public) logs to avoid software's reports > about absence of SCTs? > We anticipate browsers providing enterprise controls to either configure extra logs or disable them for certain CAs/domains. > > > > -- > SY, Dmitry Belyavsky > > _______________________________________________ > Trans mailing list > Trans@ietf.org > https://www.ietf.org/mailman/listinfo/trans > > -- Certificate Transparency is hiring! Let me know if you're interested.
- [Trans] CT and non-public CAs Dmitry Belyavsky
- Re: [Trans] CT and non-public CAs Ben Laurie