[cabfpub] Ballot for limited exemption to RFC 5280 for CT implementation

Rob Stradling rob.stradling at comodo.com
Fri Sep 19 11:18:28 UTC 2014


On 18/09/14 22:04, Brian Smith wrote:
> On Thu, Sep 18, 2014 at 2:08 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
>> On 18/09/14 04:55, Brian Smith wrote:
>> It would be great if OCSP Stapling was already deployed sufficiently
>> ubiquitously for this workaround to be viable.  Unfortunately, it's still
>> not.
>
> There's no way for me to assess the accuracy of that statement. Also,
> your definition of "viable" is very different than mine, because I
> think browsers shouldn't show the EV indicator unless there's a
> stapled OCSP response, *regardless* of CT.

Brian, that's an interesting point of view.  Is it just your own private 
opinion, or is it shared by Mozilla?

IINM, in Chrome's case CRLSets cover all EV certs, so there wouldn't be 
much point making Stapled OCSP a prerequisite for getting the EV indicator.

> (The only useful thing about EV is its effect on encouraging CT adoption.)

Really?

>>> Finally, IIUC, the only
>>> negative consequence of this is that EV certificates won't get the EV
>>> indicator in Google Chrome. It doesn't affect any other clients, IIUC.
>>
>> Correct.  However, EV certificate holders really don't want to lose the EV
>> indicator in Chrome!
>
> That's a private matter between the CAs and Google.

It ceases to be a private matter if we accept that it impacts the BRs/EVGs.

>>> IMO, it makes more sense to change the experiment than it does to
>>> (effectively) change the fundamental standards that all CABForum work is
>>> based on.
>>
>> Maybe so, but I don't see any sign of Google's CT/EV plan being derailed.
>> Remember, it's already been 3 years since the DigiNotar incident...
>
> Again, that's between Google and the CAs in its program.

As above.

<snip>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ
