[cabfpub] Upcoming changes to Google Chrome's certificate handling

Sigbjørn Vik sigbjorn at opera.com
Fri Nov 8 10:00:41 UTC 2013

On 07-Nov-13 20:44, Jeremy Rowley wrote:

> 5) Size. We do not support Google’s recommendation for three
> separate time stamps. Two is sufficient to provide protection. In
> fact, I’d prefer to include only a single proof in each certificate. If
> you log a cert to multiple servers, you can include a new proof later on
> during re-issue, which minimizes concerns about log compromise.
> Regardless, I do not think Google should dictate the number of logs.
> Instead, each CA should individually evaluate the risks of a log
> compromise or unavailability and decide the number of proofs required.

There is an additional requirement I would like to see implemented on
the proofs, that at least one is issued by a log under a different
jurisdiction than the certificate. The threat scenario is a government
agency telling CAs "We want a certificate for this site and a forked log
proving it.", then deploying this in a closed network from where it will
never leak.

A log proof from the CA itself should never be considered sufficient, as
this makes authoritarian misconduct much easier. A requirement for
different jurisdictions would also make life easier for CAs, as they
don't have to worry about government interference.

Sigbjørn Vik
Opera Software
