Re: [Trans] Draft agenda

Phillip Hallam-Baker <hallam@gmail.com> Mon, 24 February 2014 19:17 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 140191A022E for <trans@ietfa.amsl.com>; Mon, 24 Feb 2014 11:17:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kr05wEfCslb4 for <trans@ietfa.amsl.com>; Mon, 24 Feb 2014 11:17:48 -0800 (PST)
Received: from mail-la0-x231.google.com (mail-la0-x231.google.com [IPv6:2a00:1450:4010:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id B8CD01A01FC for <trans@ietf.org>; Mon, 24 Feb 2014 11:17:47 -0800 (PST)
Received: by mail-la0-f49.google.com with SMTP id mc6so2804619lab.22 for <trans@ietf.org>; Mon, 24 Feb 2014 11:17:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7WVJqd3gLvoqFaqsRoeILlVlWnQkeTn2f6eEyuDSzu8=; b=mn/9YcWbX4FZgBZcC0YTzphq5PXpH9V8u2nG2cSevsuj2YYJ5qI9RPVPUCgAJSs2Qb 92G7Wn68U0H0fZycPvwsFUO/xLkmwsUT+u0xAjFKY0iH/bULj+diTe3RQ24rpmFtp8x1 lgTO9z5filwy5U6Ww2BtJje/MO0ccoBs36MeXrnB5qIrtmsXSEeuAONLGkNmyvQckKRa x7bLHaODjoUsiZs+F63JjVop/SQpokwmr0SFibWCh1tK9xcfhQLPeOvLarrpDysGQGJ3 9GI3PIrpWSBP2Ero8nbICPgFPkXIsEvWeiVcdXdm6lyAuZqt94e+b+6r+s6/IlNYYmXq AIAQ==
MIME-Version: 1.0
X-Received: by 10.152.203.193 with SMTP id ks1mr13411424lac.0.1393269466372; Mon, 24 Feb 2014 11:17:46 -0800 (PST)
Received: by 10.112.37.168 with HTTP; Mon, 24 Feb 2014 11:17:46 -0800 (PST)
In-Reply-To: <CABrd9SSpyw4nJ9t7X0WDeN+1MnhD+__-QXLOQXYs=h2JCUrwDg@mail.gmail.com>
References: <53063600.4020102@gmail.com> <CALzYgEe0XrQdKDZN3_dwFLnM87+TXyYRMzj4ZGe5xKi-T_5V+g@mail.gmail.com> <530B86F6.5040201@gmail.com> <CABrd9SSpyw4nJ9t7X0WDeN+1MnhD+__-QXLOQXYs=h2JCUrwDg@mail.gmail.com>
Date: Mon, 24 Feb 2014 14:17:46 -0500
Message-ID: <CAMm+Lwj4XniVS_n+M3TmT_LM+P6H6HGgcnhMezUjnupKXzwwdg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ben Laurie <benl@google.com>
Content-Type: multipart/alternative; boundary="001a113470d29e9dd404f32bd37f"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/aS07h3OMTFSIRXThMvH6Z7YNPv0
Cc: Melinda Shore <melinda.shore@gmail.com>, "trans@ietf.org" <trans@ietf.org>, Eran Messeri <eranm@google.com>
Subject: Re: [Trans] Draft agenda
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 19:17:50 -0000

What exactly is a 'precertificate'. Either something is a cert or it is not.

If it parses as an X.509v3 certificate then it is an X.509v3 certificate
and thats an end to it.

If it is not then it is probably a CSR which would seem to be the existing
PKIX structure that fits its purpose.




On Mon, Feb 24, 2014 at 1:21 PM, Ben Laurie <benl@google.com> wrote:

> On 24 February 2014 17:52, Melinda Shore <melinda.shore@gmail.com> wrote:
> > On 2/24/14 7:35 AM, Eran Messeri wrote:
> >> I'll be happy to scribe half the session.
> >
> > Excellent - thank you.
> >
> >> As for the agenda, I'd like to suggest discussing handling of private
> >> subdomains
> >> <https://code.google.com/p/certificate-transparency/issues/detail?id=20
> >.
> >> IMHO while the suggestion in the issue makes sense , it'd benefit from
> >> another review to make sure it would work as intended and covers all
> >> cases CAs are concerned about.
> >
> > That one looks to me like a hairball.  Right now it's a MUST
> > in 5280 that a serial number be unique for each certificate
> > issued by a CA.
>
> Precertificates already share serial numbers with certificates. The
> intent of 5280 is not violated by this practice, but perhaps needs
> amending to permit it.
>
> _______________________________________________
> Trans mailing list
> Trans@ietf.org
> https://www.ietf.org/mailman/listinfo/trans
>



-- 
Website: http://hallambaker.com/