Re: [Trans] defining "mis-issuance"

Peter Bowen <pzbowen@gmail.com> Thu, 02 October 2014 15:18 UTC

Return-Path: <pzbowen@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14E6B1A1A0A for <trans@ietfa.amsl.com>; Thu, 2 Oct 2014 08:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bpzcMPQwh5HV for <trans@ietfa.amsl.com>; Thu, 2 Oct 2014 08:18:08 -0700 (PDT)
Received: from mail-wi0-x22c.google.com (mail-wi0-x22c.google.com [IPv6:2a00:1450:400c:c05::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 140B41A19E9 for <trans@ietf.org>; Thu, 2 Oct 2014 08:18:07 -0700 (PDT)
Received: by mail-wi0-f172.google.com with SMTP id n3so4330114wiv.11 for <trans@ietf.org>; Thu, 02 Oct 2014 08:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=aKdTnt2ABj1mNBM+AnBeX9mt+vhRV7HeyXMNAOBMT6Q=; b=zulzBYK2US7Q8OGDy5hiidXmq85oIZndyXpFJYbTRRge912D6XA6jYZAg2EolTkQ90 2udmB3fnt514+jAdDaPtim1QnxJiT28BTkpUt55KId3fYPwGT1fpjNIZy8/oV8jrzrUl kTdzmHuYm62n4C1xq6LhY12MaTulIpSFN6+RXyiaqWnd7lvd6/DZVWnkT4U2T2ZoIMq5 gs2nVmY3Mrmc5ny+CyR/0M1/VKh+xexfupX7slM95k0i/6vIk/whlI7jYn/ekxzqDA5k HNl2wTT3TZgeqiEXCn0RYH4/0I5+BKquilkCH+4ZOsLfqYVOCwfWfvn7m3ZARkUOQqYl taxw==
MIME-Version: 1.0
X-Received: by 10.194.134.201 with SMTP id pm9mr15239514wjb.130.1412263086649; Thu, 02 Oct 2014 08:18:06 -0700 (PDT)
Received: by 10.27.79.193 with HTTP; Thu, 2 Oct 2014 08:18:06 -0700 (PDT)
In-Reply-To: <542D6678.9060507@comodo.com>
References: <542477E3.8070304@bbn.com> <544B0DD62A64C1448B2DA253C011414607D1628D70@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <542971A7.7030700@bbn.com> <544B0DD62A64C1448B2DA253C011414607D174DEB1@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <542C1846.7060303@bbn.com> <542C1EA6.8050106@comodo.com> <CAK6vND8N-31J1yzgAh8M-YmcgCkOkANWLCF1yiZNbEPHv8i2Hw@mail.gmail.com> <542D6678.9060507@comodo.com>
Date: Thu, 2 Oct 2014 08:18:06 -0700
Message-ID: <CAK6vND9cVUsY8pKpXBhGo5WrStXhyPC85Wib_crH-hcwnwNWvw@mail.gmail.com>
From: Peter Bowen <pzbowen@gmail.com>
To: Rob Stradling <rob.stradling@comodo.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/eAjXPbJDaoFyaC0W9RB9-SWceBI
Cc: "trans@ietf.org" <trans@ietf.org>, Stephen Kent <kent@bbn.com>
Subject: Re: [Trans] defining "mis-issuance"
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Oct 2014 15:18:10 -0000

On Thu, Oct 2, 2014 at 7:51 AM, Rob Stradling <rob.stradling@comodo.com> wrote:
> On 01/10/14 16:45, Peter Bowen wrote:
>>
>> On Wed, Oct 1, 2014 at 8:32 AM, Rob Stradling <rob.stradling@comodo.com>
>> wrote:
>>>
>>> The "ability to provide immediate feedback to CAs that are issuing
>>> syntactically malformed certs" sounds like a nice idea, but surely this
>>> could be implemented as a stand-alone application or web service?
>>> Why would you want it to be an intrinsic part of CT?
>>
>>
>> This feels like an interesting feature for CT log hosts.  An
>> additional API that allows subscribing to the "firehose" of all log
>> entries as they happen.
>
> Are you suggesting making something like [1] an integral part of log
> servers, rather than an optional/separate service?
>
>
> [1]
> https://groups.google.com/forum/#!topic/certificate-transparency/h4quw0htujs

I was more thinking of a streaming API[2], such that a client could to
an receive immediate notification of _every_ add-chain or
add-pre-chain call that included both the chain and the return values.
Think real-time monitoring instead of fetching the log data using the
get-* calls.

Thanks,
Peter

[2] See https://dev.twitter.com/streaming/public for Twitter's
explanation of streaming API