[cabfpub] Misissuance of certificates
Ryan Sleevi
sleevi at google.com
Mon Nov 9 20:55:21 MST 2015
On Mon, Nov 9, 2015 at 9:09 AM, Eddy Nigg <eddy_nigg at startcom.org> wrote:
> Is that even possible? I don't think so, otherwise what's the use for CT
> in first place...
>
Yes, and it's been discussed for years ;)
The scope of redaction is limited to the registrable portion (or at least,
would be required so via policy). The 6962-bis work (most recent draft of
writing at
https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-10#section-4.2)
describes the _protocol_ for how it works, while separately, log policy and
root program requirements would describe the obligations of CAs to use that
protocol (e.g. redactions can't extend beyond the Registered Domain Name,
or whatever terminology we come up with for the "part you get from a domain
name registrar" as part of the policy working group activities).