[cabfpub] Upcoming changes to Google Chrome's certificate handling

Sigbjørn Vik sigbjorn at opera.com
Fri Nov 8 03:00:41 MST 2013


On 07-Nov-13 20:44, Jeremy Rowley wrote:

> 5)      Size. We do not support Google’s recommendation for three
> separate time stamps.  Two is sufficient to provide protection.  In
> fact, I’d prefer to include only a single proof in each certificate.  If
> you log a cert to multiple servers, you can include a new proof later on
> during re-issue, which minimizes concerns about log compromise. 
> Regardless, I do not think Google should dictate the number of logs. 
> Instead, each CA should individually evaluate the risks of a log
> compromise or unavailability and decide the number of proofs required.

There is an additional requirement I would like to see implemented on
the proofs, that at least one is issued by a log under a different
jurisdiction than the certificate. The threat scenario is a government
agency telling CAs "We want a certificate for this site and a forked log
proving it.", then deploying this in a closed network from where it will
never leak.

A log proof from the CA itself should never be considered sufficient, as
this makes authoritarian misconduct much easier. A requirement for
different jurisdictions would also make life easier for CAs, as they
don't have to worry about government interference.

-- 
Sigbjørn Vik
Opera Software
