[cabfpub] Upcoming changes to Google Chrome's certificate handling

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sun Nov 10 21:13:24 UTC 2013


On 11/05/2013 03:29 AM, From Rick Andrews:
> We close by offering that these comments are in the spirit of a robust 
> public discussion on the future of web security and have no doubt that 
> all parties including Google desire a safer Internet. We hope to 
> continue an active dialogue that looks for ways to reduce risk while 
> continuing to enable the web security ecosystem to flourish and scale 
> to provide even more benefit for the Internet. We invite feedback and 
> comment on our statements and look forward to continuing the discussion.

I'm not entirely sure how this stands today, but the CT adventure will 
have for us only value if revocation information will be carried by the 
log and result in an alternative of current revocation checking. Today 
after we were all force to run through the hoops to changing the OCSP 
responses to contain "unknown" in addition to "valid" and "revoked", I 
believe the CT log must be the source for either valid, revoked 
or....non-existent.

If the above is planned or an option, I believe that it can be a viable 
alternative to current implementations backed by a strong and shared 
infrastructure with the goal to provide reliable information to the 
relying parties about certificates CAs issued and their current status. 
Otherwise I believe the benefits don't justify the effort required.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131110/9250d1f0/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131110/9250d1f0/attachment-0001.p7s>


More information about the Public mailing list