[Trans] Another Question about the PRIVATE option (Ticket #1)

Rick Andrews <Rick_Andrews@symantec.com> Mon, 17 March 2014 23:40 UTC

Return-Path: <Rick_Andrews@symantec.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62ECB1A050E for <trans@ietfa.amsl.com>; Mon, 17 Mar 2014 16:40:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.048
X-Spam-Level:
X-Spam-Status: No, score=-2.048 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3F0ZwtMOlKNj for <trans@ietfa.amsl.com>; Mon, 17 Mar 2014 16:40:37 -0700 (PDT)
Received: from ecl1mtaoutpex01.symantec.com (ecl1mtaoutpex01.symantec.com [166.98.1.209]) by ietfa.amsl.com (Postfix) with ESMTP id 28C601A04B4 for <trans@ietf.org>; Mon, 17 Mar 2014 16:40:35 -0700 (PDT)
X-AuditID: a66201d1-b7f0d8e000006739-5a-532787ea1a10
Received: from tus1smtintpin02.ges.symantec.com (tus1smtintpin02.ges.symantec.com [192.168.215.102]) by ecl1mtaoutpex01.symantec.com (Symantec Brightmail Gateway out) with SMTP id DF.7C.26425.AE787235; Mon, 17 Mar 2014 23:40:26 +0000 (GMT)
Received: from [155.64.220.138] (helo=TUS1XCHHUBPIN02.SYMC.SYMANTEC.COM) by tus1smtintpin02.ges.symantec.com with esmtp (Exim 4.76) (envelope-from <Rick_Andrews@symantec.com>) id 1WPh8s-0007gb-6h for trans@ietf.org; Mon, 17 Mar 2014 23:40:26 +0000
Received: from TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM ([155.64.220.147]) by TUS1XCHHUBPIN02.SYMC.SYMANTEC.COM ([155.64.220.138]) with mapi; Mon, 17 Mar 2014 16:40:26 -0700
From: Rick Andrews <Rick_Andrews@symantec.com>
To: "trans@ietf.org" <trans@ietf.org>
Date: Mon, 17 Mar 2014 16:40:25 -0700
Thread-Topic: Another Question about the PRIVATE option (Ticket #1)
Thread-Index: Ac8+oPKFXVHX/uoSQHu16zav+g+1FQDle+FA
Message-ID: <544B0DD62A64C1448B2DA253C011414607C7DAA2CF@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <544B0DD62A64C1448B2DA253C011414607C70EAF9E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <531EE6A6.7000007@comodo.com> <544B0DD62A64C1448B2DA253C011414607C77BCCBE@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <53204F9E.7000507@comodo.com> <CALzYgEf-=7+XpBYgV-+0ijq-whRsn9gam7AELERZfof-TJ5uEg@mail.gmail.com> <53217E29.7040004@comodo.com>
In-Reply-To: <53217E29.7040004@comodo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphkeLIzCtJLcpLzFFi42I5sOJ6mu6rdvVggxO9ZhZrH19kcWD0WLLk J1MAYxSXTUpqTmZZapG+XQJXxr1PHewFM3krLraeYWpgPM7VxcjJISFgIvHzwlImCFtM4sK9 9WxdjFwcQgIfGSXOT53JApIQEvjPKLHsYQlEYhWjxNPjJxlBEmwCehJbHl9hB7FFBFQlPt9v AZvEAmQvX3qQuYuRg0NYwE7i3mdXiBJniU8797JB2EYSE9a9BivnFYiS2HuiiRVi1yUmiZ9z QkFaOQW0JK5dBpvOCHTb91NrwMqZBcQlbj2ZD3WzgMSSPeeZIWxRiZeP/7FC1ItK3GlfzwhR ryOxYPcnNghbW2LZwtfMEGsFJU7OfMIygVFsFpKxs5C0zELSMgtJywJGllWMMqnJOYa5JYn5 pSUFqRUGhnrFlbmJwJhJ1kvOz93ECIybZUmMF3cwXjise4hRgINRiYd3UbN6sBBrYhlQ5SFG CQ5mJRFeCROgEG9KYmVValF+fFFpTmrxIUZpDhYlcd4qB+VgIYH0xJLU7NTUgtQimCwTB6dU A2PD+rOFnUIFYgL3Vu31aZW2+zGjgHuxHNueRb81rI9xzv5mfrQlJkU3rewU+879+ndDBX6K /n89+YRo+EvnvMVblbKV/QWmcBzI1vnXmH53p9bmnfeSvIUMlvhn3l7AcPgow5pHd8Q2a16M Y1z6QubJVr6AOX15eTft95j90VpbX7QsZ31O7y0lluKMREMt5qLiRAA18SxXlwIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/f2i6J4v3R-UUtfEApC1YGuPo_44
Subject: [Trans] Another Question about the PRIVATE option (Ticket #1)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 23:40:40 -0000

I have another question about the PRIVATE option. While planning the implementation of CT with our teams, we first thought that we would use the precertificate option as the default for all customers. Our hope was that most customers wouldn't even need to be aware of CT; they would get some extra data in their cert and there would be no change to deployment (I believe that was the hope of the CT designers too).

However, the PRIVATE subdomain masking option made us rethink that. If a customer wants to keep their FQDN private, they need to make that choice up front, before we've issued the cert to them. If they don't choose PRIVATE up front, their cert will get logged, and switching to PRIVATE after that would be pointless because their FQDN would be public. But that means forcing the customer to stop in the middle of the enrollment process, read up on CT, and make an informed decision. We're finding it's difficult to get most people to understand why they would choose SHA-2 instead of SHA-1, and educating them on CT and its options is expected to be far more difficult.

So we're considering making PRIVATE the default option, or perhaps the only option. It's arguably better for customers because it preserves a measure of privacy and postpones the time when they have to understand all the details of CT. It may be a little more challenging for a domain owner monitoring the logs, because they'll only see the precerts with serial numbers and no FQDNs, but that's not much of a challenge. It makes our implementation simpler and therefore easier to test and deploy.

Any feedback on this idea?

-Rick
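The monitoring trade-off Rick describes (a domain owner watching the logs sees only issuer and serial number for PRIVATE precerts, not the masked FQDN) can be made concrete with a small monitor sketch. This is an added example, not code from the email, from Symantec or from the CT drafts. It assumes a simplified entry model in which a redacted name keeps its registered domain and shows the masked leftmost labels as a literal "(PRIVATE)" marker; the real wire encoding, and the use of the public suffix list for finding the registered domain, are out of scope and replaced by stand-ins that are labelled in the code.

```python
"""Sketch of a CT monitor that copes with PRIVATE (redacted) precertificates.

Added illustration, not the email's or any project's code. Entry layout and
the "(PRIVATE)" marker are assumptions; a real monitor parses the logged
precertificate and uses the public suffix list instead of the naive
registered_domain() below.
"""
from dataclasses import dataclass

REDACTED = "(PRIVATE)"  # assumed marker for masked leftmost labels


@dataclass(frozen=True)
class LogEntry:
    issuer: str
    serial: str
    names: tuple  # dNSName values as they appear in the logged (pre)certificate


def registered_domain(name: str) -> str:
    """Last two labels of a name, ignoring the redaction marker.
    Naive stand-in for a public-suffix-list lookup (assumption)."""
    labels = [lab for lab in name.lower().rstrip(".").split(".")
              if lab != REDACTED.lower()]
    return ".".join(labels[-2:])


def is_redacted(name: str) -> bool:
    """True when the leftmost labels of the name were masked."""
    return name.split(".", 1)[0] == REDACTED


def classify_entries(entries, watched_domains, known_serials):
    """Return {serial: verdict} for every entry touching a watched domain.

    known_serials holds (issuer, serial) pairs the domain owner recorded
    when it obtained its own certificates; that inventory is what makes
    redacted entries reconcilable at all, since no FQDN is visible.
    """
    verdicts = {}
    for e in entries:
        hits = [n for n in e.names if registered_domain(n) in watched_domains]
        if not hits:
            continue  # not our domain, ignore
        if (e.issuer, e.serial) in known_serials:
            verdicts[e.serial] = "expected"
        elif any(is_redacted(n) for n in hits):
            # Only issuer + serial to go on: escalate to the CA to learn the name.
            verdicts[e.serial] = "unexpected-redacted"
        else:
            verdicts[e.serial] = "unexpected-visible"
    return verdicts


# Constructed sample log contents (not real certificates or serials).
SAMPLE_ENTRIES = (
    LogEntry("Example CA", "01", ("www.example.com",)),
    LogEntry("Example CA", "02", ("(PRIVATE).example.com",)),
    LogEntry("Example CA", "03", ("(PRIVATE).example.com",)),
    LogEntry("Other CA", "0A", ("login.example.com", "example.net")),
    LogEntry("Other CA", "0B", ("shop.example.net",)),
)
WATCHED = {"example.com"}
KNOWN = {("Example CA", "01"), ("Example CA", "02")}


def run_demo():
    """Classify the constructed sample; returns the verdict map."""
    return classify_entries(SAMPLE_ENTRIES, WATCHED, KNOWN)


if __name__ == "__main__":
    for serial, verdict in sorted(run_demo().items()):
        print(f"serial {serial}: {verdict}")
```

The point the sketch makes is that, with PRIVATE as the default, a domain owner's monitor degrades from "read the FQDN off the log" to "reconcile issuer and serial against what we ordered"; serial 03 above is detectable as unexpected, but learning which host it covers requires going back to the issuing CA, whereas serial 0A exposes the name directly.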