I just wanted to alert members of this list of a discussion that has been
started on Chromium's ct-policy@ mailing list regarding Chromium's
policies for requiring EV certificates be logged in Certificate
Transparency Logs.

Ben Laurie has started a discussion at
https://groups.google.com/a/chromium.org/d/msg/ct-policy/_p8zRz5Em3s/2_0r4YjRQ8sJ
about whether or not CAs should be permitted to redact domain names when
logging certificates. As you can see from Ben's analysis of the Baseline
Requirements and EV Guidelines, this may affect the ability of the public
to ensure that CA's are conforming to the EV Guidelines, and thus rely on
audits to ensure this.

We welcome feedback from all parties, and are particularly interested to
hear from those who would like to use the CT logs to better ensure
compliance with Mozilla's policies and the competency of auditors, two
very relevant discussions happening here. As it presently stands,
Chromium's policy prevents such redactions.

To help ensure everybody can participate, please avoid cross-posting, and
instead comment on the original.

Cheers!

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to