[Trans] Precertificate format

Ben Laurie <benl@google.com> Thu, 16 October 2014 15:09 UTC

To: "trans@ietf.org" <trans@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/qQm22P-9cLOYvBMjt6Ov-rnxhjA
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

We (the 6962-bis editors) would like to propose that we replace the
existing precertificate formats with a TBSCertificate wrapped in PKCS#7.
This lays to rest, we think, any possible confusion with X509v3 certs,
whilst allowing a simple mapping between the final cert and the pre-cert.

Obviously there are details to be nailed down, but before we do so, we'd
like to hear any discussion on the general idea.