[cabfpub] Question on CT: Monitoring

Ben Laurie benl at google.com
Mon Jan 6 12:49:42 UTC 2014


On 3 January 2014 23:48, Eddy Nigg (StartCom Ltd.)
<eddy_nigg at startcom.org> wrote:
> I met recently with a representative of Google working on this project (am I
> allowed to publish that?)

Sure.

> and I believe there is a way forward with CT.
> Slightly different than it started, but in my opinion better and the most
> severe problems affecting CAs in respect to the CT proposal can be apparently
> easily solved with achieving the same end-result which is the most important
> thing here. But I don't want to speak for them or put anything into their
> mouth.

We suspect that you are referring to serving SCTs in TLS extensions.
It would be helpful if you'd confirm that.

Whilst it is certainly true that this would reduce the burden on CAs
to zero, it will also increase the rollout time to something like 10
years or more. So, that is not a plan we intend to pursue.

Note that CAs who are content to only sell to people with updated
servers can certainly take advantage of this to avoid any extra work.

If you're thinking of something else, please say what.


