[cabfpub] Question on CT: Monitoring

Stephen Davidson S.Davidson at quovadisglobal.com
Mon Jan 6 13:39:34 UTC 2014


I met recently with a representative of Google working on this project (am I 
allowed to publish that?) and I believe there is a way forward with CT. 
Slightly different than it started, but in my opinion better and the most 
severe problems affecting CAs in respect to the CT proposal can be apparently 
easily solved with achieving the same end-result which is the most important 
thing here. But I don't want to speak for them or put anything into their 
mouth.



If the spec for CT is changing, it would be helpful if that information would 
be shared with all CAs.

Thanks, Stephen







From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On 
Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Friday, January 03, 2014 7:58 PM
To: CABFPub
Subject: Re: [cabfpub] Question on CT: Monitoring




On 01/03/2014 06:25 PM, From Rob Stradling:





- just
see http://www.netcraft.com/internet-data-mining/ssl-survey/ as an example:

    The distribution of key lengths, however, varies significantly
    between different CAs. For example, in May 2013, StartCom had issued
    no certificates with an RSA public key shorter than 2048-bits and
    almost 20% are 4096-bits long, more than any other major CA.


How does your customers' choice of key length reduce the chances of StartCom 
misissuing certs in the future?


A lot - first of all it's not always the choice of the subscribers, but it's 
an example of diligence by the CA. And I can give you a couple of more such 
examples if you want, setting the bar clearly higher.

Even though nothing is perfect as mentioned earlier, one can at least strive 
for that....




Do you have a better idea (than CT) for solving the problem of detecting 
misissuances?  If so, please write it up as an Internet Draft.


I met recently with a representative of Google working on this project (am I 
allowed to publish that?) and I believe there is a way forward with CT. 
Slightly different than it started, but in my opinion better and the most 
severe problems affecting CAs in respect to the CT proposal can be apparently 
easily solved with achieving the same end-result which is the most important 
thing here. But I don't want to speak for them or put anything into their 
mouth.




Regards





Signer: Eddy Nigg, COO/CTO, StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>





