[cabfpub] New CT Policy for Chrome Published - May 2016
Ryan Sleevi
sleevi at google.com
Wed May 4 20:51:16 UTC 2016
This is to let everyone know that the May 2016 CT Policy is now published
at
https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency
(direct
link is
https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/CTPolicyMay2016edition.pdf?attredirects=0
)
This update was discussed at
https://groups.google.com/a/chromium.org/d/topic/ct-policy/Mp1dqTWAiSY/discussion
and
contains the details and justifications for the change, which we believe
should not negatively affect anyone that was complying with the existing
policy.
Specific for the CAs who may not be participating in the ct-policy list,
this hopefully clarifies what should be supported for DV/OV certificates.
The naming of the previous policy - though clearly designed to cover non-EV
certificates by virtue of the discussions of certificate lifetimes - lead
to some CAs being confused about what was expected for these other types.
This does not provide a timeline for when it will be required for DV/OV,
because as I've expressed in every meeting since we've begin deploying CT,
we are still proceeding slowly in order to allow CAs, log operators,
monitors, and browsers necessary time to gain experience with deploying and
interacting with CT in a meaningful and scalable way. However, that said,
we welcome any and all CAs to comply with this policy (precertificates in
particular) as a means of avoiding any potential issues or delays in
deploying CT for when that timeline is finalized and announced, and to the
benefit of your customers and the PKI ecosystem.
Note that there are clear benefits for your users and customers, even
absent a Chrome requirement, as evidenced by posts such as
https://www.facebook.com/notes/protect-the-graph/early-impacts-of-certificate-transparency/1709731569266987/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160504/faa8a477/attachment-0002.html>
More information about the Public
mailing list