I just wanted to alert members of this list of a discussion that has been started on Chromium's ct-policy@ mailing list regarding Chromium's policies for requiring EV certificates be logged in Certificate Transparency Logs.
Ben Laurie has started a discussion at https://groups.google.com/a/chromium.org/d/msg/ct-policy/_p8zRz5Em3s/2_0r4YjRQ8sJ about whether or not CAs should be permitted to redact domain names when logging certificates.

As you can see from Ben's analysis of the Baseline Requirements and EV Guidelines, this may affect the ability of the public to ensure that CAs are conforming to the EV Guidelines, and thus rely on audits to ensure this.

We welcome feedback from all parties, and are particularly interested to hear from those who would like to use the CT logs to better ensure compliance with Mozilla's policies and the competency of auditors, two very relevant discussions happening here.

As it presently stands, Chromium's policy prevents such redactions.

To help ensure everybody can participate, please avoid cross-posting, and instead comment on the original.

Cheers!

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy