Re: [Trans] Alternate formats for Precertificates

Tomas Gustavsson <tomas@primekey.se> Thu, 27 February 2014 17:23 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/trans/Wcn6pu_VFdCxYF2A1CkSLT_z-yo

> I was simply trying to point out that reusing a structure from RFC4210
> and reusing a structure from RFC5280 are both equivalent in terms of
> structure reuse and feel-good factor.
>
> (Tomas seemed to be implying that RFC4210 scored higher on these metrics).

Since there is some unease on the mailing list regarding duplication of 
issuer/serialNumber pairs, I was merely pointing out that there is an 
alternative that does not affect the CT RFC in any structural way.
Simply using another, already existing ASN.1 structure.

I have no problem living with the present use of TBSCertificates if 
everyone agrees. I'm not much of a fan of wacky ideas however, when 
there are standard-based alternatives.

Cheers,
Tomas