[cabfpub] Upcoming changes to Google Chrome's certificate handling
sigbjorn at opera.com
Fri Nov 8 10:00:41 UTC 2013
On 07-Nov-13 20:44, Jeremy Rowley wrote:
> 5) Size. We do not support Google’s recommendation for three
> separate time stamps. Two is sufficient to provide protection. In
> fact, I’d prefer to include only a single proof in each certificate. If
> you log a cert to multiple servers, you can include a new proof later on
> during re-issue, which minimizes concerns about log compromise.
> Regardless, I do not think Google should dictate the number of logs.
> Instead, each CA should individually evaluate the risks of a log
> compromise or unavailability and decide the number of proofs required.
There is an additional requirement I would like to see implemented on
the proofs, that at least one is issued by a log under a different
jurisdiction than the certificate. The threat scenario is a government
agency telling CAs "We want a certificate for this site and a forked log
proving it.", then deploying this in a closed network from where it will
A log proof from the CA itself should never be considered sufficient, as
this makes authoritarian misconduct much easier. A requirement for
different jurisdictions would also make life easier for CAs, as they
don't have to worry about government interference.
More information about the Public