[Trans] Certificate Transparency log GDPR compliance
Taavi Eomäe <taavieomae@gmail.com> Tue, 05 March 2019 00:50 UTC
Return-Path: <taavieomae@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CDFD13124F for <trans@ietfa.amsl.com>; Mon, 4 Mar 2019 16:50:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.969
X-Spam-Level:
X-Spam-Status: No, score=0.969 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFXAbQN28U7f for <trans@ietfa.amsl.com>; Mon, 4 Mar 2019 16:50:20 -0800 (PST)
Received: from mail-it1-x12a.google.com (mail-it1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22F2613124B for <trans@ietf.org>; Mon, 4 Mar 2019 16:50:20 -0800 (PST)
Received: by mail-it1-x12a.google.com with SMTP id w18so1710172itj.4 for <trans@ietf.org>; Mon, 04 Mar 2019 16:50:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=C1SuZcnpXYTgoiYXfcLNZiinnPKv8/YQrfrhWBSdTac=; b=khtUq4CTdG7XPfs9//a5ZUfSTxlNzhdUz3rEcFfg2rN5pzZuXt+YfdCuyfjq6IxHL6 7OYdX5IQAa5jPrytcYhobRHdEboT8nshM2VKJ0q+XGEd+wy3Puf3xYZH7OiIOBd22I2p BBOo0SaES9S8YpxKxwIb9dZil8XblRVN8uDJR3/qYB1tPnuTsaR5hrmCpwdbZJhSwrXd g66IwuNrWoVrA5gV5bQb1l3p6nCYfEnEcbFu6cBD2DcYwz3Cmy3DPDa66ItkMAcqmKbX HEj097vp9naYGY2eya5mcSTDrsv5F7hO54UK11d+ugKWG0nk8aSHgGQDTkIz4scKQDJ3 RqZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=C1SuZcnpXYTgoiYXfcLNZiinnPKv8/YQrfrhWBSdTac=; b=N1dhkBHKen1p4w9Ds0GTPLOp4YSNxwJldEW3NZKC+Ub7jkR34gLRB/fw9JGs2V3aLn LLkdEZxBqP6kKV6wIl9ITlg/t0IBu3/HKNeF2NnNrgDFEgRtu9+LL5UxF+O/kVfBdk6F WVpfn+Ve8+a8Ctxovr5yNEJu7rg8hpu6kjjljuFM0Ro7EZYoDxW4hHXW6tY7G1Ksh2/o MFAZzadYG1Ke48aRSt8dlMaiMbwFEDid/oqe+dYt2CoxRpJVKb/z+ZIKqYJXxyoEI3k9 9ca+QJk4TTqmXcz0Vh8ohqYX+xeevB0X9N1QRNhWyPUs1uRcT52He6Y5ugh4pnpsI8Wr SqqA==
X-Gm-Message-State: APjAAAWkE1WLBgH2KOQsk8EwFj+3ARNdXmpMNnYJg8DCO+NjnSujv7i6 QZ9MhW0HHl2GZg2bdEtGdfjDLcRX4sWhi9KTD40aYTefr/s=
X-Google-Smtp-Source: APXvYqxBQoi7UlU1CnpZw/oYBMHYe8z+CfW+5DB452khocg624uLiFfioXEqizjB+zvkt+kmmPrSfc6Aw+OF0HOUz2s=
X-Received: by 2002:a24:4d4b:: with SMTP id l72mr1148770itb.177.1551747018960; Mon, 04 Mar 2019 16:50:18 -0800 (PST)
MIME-Version: 1.0
From: Taavi Eomäe <taavieomae@gmail.com>
Date: Tue, 05 Mar 2019 02:50:07 +0200
Message-ID: <CALfTr+qwijKjXPrRXK8Q9um5sRXrnjVYiSF9D_NcWnMN3YNtxA@mail.gmail.com>
To: trans@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d8b5b605834e4197"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/wbbeAI4I2AwtH-18QpiHeozBSFQ>
Subject: [Trans] Certificate Transparency log GDPR compliance
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 00:51:16 -0000
Hi I hope this is the right place to ask this question. The question itself is quite simple, how resilient is Certificate Transparency logs to GDPR takedown requests and what are the methods of removing a certificate from public logs without compromising the integrity of the logs? The reason why I'm asking this seemingly simple question is because Estonia has been issuing certificates to it's citizens since 2003, they're issued by a public CA and some of the certificates already exist in current logs ( https://ct.googleapis.com/rocketeer/ct/v1/get-entries?start=110654446&end=110654446 <https://www.google.com/url?q=https://ct.googleapis.com/rocketeer/ct/v1/get-entries?start%3D110654446%26end%3D110654446&sa=D&usg=AFQjCNEbCbHE9OvVwN9nQWP0i2m38mSbcw>). But if I'm not mistaken, GDPR applies to CT as well, those certificates contain PII, thus those certificates should be under the "mercy" of who's PII it is, but as far as I've searched, noone has discussed this previously, am I wrong? Taavi Eomäe
- [Trans] Certificate Transparency log GDPR complia… Taavi Eomäe
- Re: [Trans] Certificate Transparency log GDPR com… Eran Messeri