Re: [Trans] path validation

Jeremy Rowley <jeremy.rowley@digicert.com> Tue, 30 September 2014 01:17 UTC

From: Jeremy Rowley <jeremy.rowley@digicert.com>
To: Matt Palmer <mpalmer@hezmatt.org>
Date: Tue, 30 Sep 2014 01:17:42 +0000
Message-ID: <32a27n0wc4xjdebfvhxif1kp.1412039848992@email.android.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/eAwlXGf7Xlq5TNH-yVCxmzl03IE
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] path validation

+1. My thoughts exactly.


Matt Palmer <mpalmer@hezmatt.org> wrote:

On Mon, Sep 29, 2014 at 12:26:47PM -0700, Rick Andrews wrote:
> Since it's not an absolute requirement at this point (either from CABF or
> from individual browsers' policies) I suggest that log servers cannot
> enforce the use of technical constraints in intermediate CAs.

Logs shouldn't be enforcing *anything*.  A log isn't a judge, it's a record.
The only constraints on what should be rejected from being accepted by a
log should be those things which prevent abuse sufficient to render a log
unusable.

- Matt

_______________________________________________
Trans mailing list
Trans@ietf.org
https://www.ietf.org/mailman/listinfo/trans