[cabfpub] [therightkey] Updated Certificate Transparency + Extended Validation plan

Wayne Thayer wthayer at godaddy.com
Wed Feb 5 01:47:04 UTC 2014


I'm somewhat confused by the following two points:

>>5. By July 2014 all EV certificates with validity periods beyond [July
>>2014] should be logged in at least [one] qualifying log (see below).
>>6. On 1 Jan 2015 Chrome will create a whitelist of valid EV certificates
>>already issued without an embedded SCT [issued by CAs participating in
>>CT] from all qualifying logs.

If EV certificates issued prior to 1 Jan 2015 will be whitelisted, what is
the purpose of point #5?

Also, regarding point #7, I understand if it's not practical to distribute
a large whitelist to mobile platforms, but IMO retroactively removing the
EV indicator from existing certs rather than letting them naturally expire
before enforcing CT on mobile platforms creates a bad EV experience in
return for little additional transparency & security.

Thanks,

Wayne

-----Original Message-----
From: therightkey [mailto:therightkey-bounces at ietf.org] On Behalf Of Ben
Laurie
Sent: Tuesday, February 04, 2014 10:08 AM
To: CABFPub; certificate-transparency at googlegroups.com;
therightkey at ietf.org
Subject: [therightkey] Updated Certificate Transparency + Extended
Validation plan

Enclosed, our revised plan.

Comments welcome.



