<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 6 January 2014 13:39, Stephen Davidson <span dir="ltr"><<a href="mailto:S.Davidson@quovadisglobal.com" target="_blank">S.Davidson@quovadisglobal.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="white" lang="EN-US" link="blue" vlink="purple"><div><div class="im"><p class="MsoNormal">I met recently with a representative of Google working on this project (am I allowed to publish that?) and I believe there is a way forward with CT. Slightly different than it started, but in my opinion better and the most sever problems affecting CAs in respect to the CT proposal can be apparently easily solved with achieving the same end-result which is the most important thing here. But I don't want to speak for them or put anything into their mouth.<br>
<br><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p></div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If the spec for CT is changing, it would be helpful if that information would be shared with all CAs.</span></p>
</div></div></blockquote><div><br></div><div>As you may be aware, we're currently in the process of trying to set up an IETF Working Group for a Standards Track version of CT. Undoubtedly this will result in an updated spec, but there are no current plans to change CT in any way that has not been discussed.</div>
<div><br></div><div>As indicated in an earlier email, I am not sure what Eddy is referring to here, so a little hard to comment specifically.</div><div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks, Stephen<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> <a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [mailto:<a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Eddy Nigg (StartCom Ltd.)<br>
<b>Sent:</b> Friday, January 03, 2014 7:58 PM<br><b>To:</b> CABFPub</span></p><div class="im"><br><b>Subject:</b> Re: [cabfpub] Question on CT: Monitoring<u></u><u></u></div><p></p></div></div><p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><br></p><div><div class="h5">On 01/03/2014 06:25 PM, From Rob Stradling: <u></u><u></u></div></div><p></p><div><div class="h5"><p class="MsoNormal"><br><br><u></u><u></u></p><p class="MsoNormal">- just <br>
see <a href="http://www.netcraft.com/internet-data-mining/ssl-survey/" target="_blank">http://www.netcraft.com/internet-data-mining/ssl-survey/</a> as an example: <br><br> The distribution of key lengths, however, varies significantly <br>
between different CAs. For example, in May 2013, StartCom had issued <br> no certificates with an RSA public key shorter than 2048-bits and <br> almost 20% are 4096-bits long, more than any other major CA. <u></u><u></u></p>
<p class="MsoNormal"><br>How does your customers' choice of key length reduce the chances of StartCom misissuing certs in the future? <u></u><u></u></p><p class="MsoNormal"><br>A lot - first of all it's not always the choice of the subscribers, but it's an example of diligence by the CA. And I can give you a couple of more such examples if you want, setting the bar clearly higher.<br>
<br>Even though nothing is perfect as mentioned earlier, one can at least strive for that....<br><br><br><u></u><u></u></p><p class="MsoNormal">Do you have a better idea (than CT) for solving the problem of detecting misissuances? If so, please write it up as an Internet Draft. <u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>I met recently with a representative of Google working on this project (am I allowed to publish that?) and I believe there is a way forward with CT. Slightly different than it started, but in my opinion better and the most sever problems affecting CAs in respect to the CT proposal can be apparently easily solved with achieving the same end-result which is the most important thing here. But I don't want to speak for them or put anything into their mouth.<br>
<br><u></u><u></u></p><div><table border="0" cellspacing="0" cellpadding="0"><tbody><tr><td colspan="2" style="padding:0in 0in 0in 0in"><p class="MsoNormal">Regards <u></u><u></u></p></td></tr><tr><td colspan="2" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"> <u></u><u></u></p></td></tr><tr><td style="padding:0in 0in 0in 0in"><p class="MsoNormal">Signer: <u></u><u></u></p></td><td style="padding:0in 0in 0in 0in"><p class="MsoNormal">Eddy Nigg, COO/CTO<u></u><u></u></p>
</td></tr><tr><td style="padding:0in 0in 0in 0in"><p class="MsoNormal"> <u></u><u></u></p></td><td style="padding:0in 0in 0in 0in"><p class="MsoNormal"><a href="http://www.startcom.org" target="_blank">StartCom Ltd.</a><u></u><u></u></p>
</td></tr><tr><td style="padding:0in 0in 0in 0in"><p class="MsoNormal">XMPP: <u></u><u></u></p></td><td style="padding:0in 0in 0in 0in"><p class="MsoNormal"><a>startcom@startcom.org</a><u></u><u></u></p></td></tr><tr><td style="padding:0in 0in 0in 0in">
<p class="MsoNormal">Blog: <u></u><u></u></p></td><td style="padding:0in 0in 0in 0in"><p class="MsoNormal"><a href="http://blog.startcom.org" target="_blank">Join the Revolution!</a><u></u><u></u></p></td></tr><tr><td style="padding:0in 0in 0in 0in">
<p class="MsoNormal">Twitter: <u></u><u></u></p></td><td style="padding:0in 0in 0in 0in"><p class="MsoNormal"><a href="http://twitter.com/eddy_nigg" target="_blank">Follow Me</a><u></u><u></u></p></td></tr><tr><td colspan="2" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"> <u></u><u></u></p></td></tr></tbody></table></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div><br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div></div>