Re: [Trans] Precertificate format

Ben Laurie <benl@google.com> Tue, 09 September 2014 19:01 UTC

In-Reply-To: <540F3B42.3000708@bbn.com>
References: <540DFA75.2040000@gmail.com> <540E0E90.1070208@bbn.com> <4B184DAD-3C7A-4032-8BA6-634736BB2689@paypal.com> <540F3B42.3000708@bbn.com>
Date: Tue, 09 Sep 2014 20:00:57 +0100
Message-ID: <CABrd9SS4NgJo8mX72fB_9q4u8jQ5NQYsyk5hxPZvXxyfERvvcg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/zydx7VlrTU8ffxX7ZIprSMQi-Ok
Cc: "trans@ietf.org" <trans@ietf.org>
Subject: Re: [Trans] Precertificate format

On 9 September 2014 18:39, Stephen Kent <kent@bbn.com> wrote:
> I agree that the serial number is critical if one plans to revoke the cert.
> But,
> the I-D makes no mention of remediation mechanisms, an omission I noted in
> my review
> a while ago.

It makes no mention because they are not in scope. The point of CT is
to allow others to vet certificates and take appropriate action when
needed.

It is not up to us to describe all possible problems and how they are
remedied. If you think that's a valuable exercise, be my guest.

However, when you suggest that inclusion of some particular thing is
problematic, then we can, of course, refer to potential problems CT
might reveal and available remedies as an illustration of why that
thing is needed.