On 2014-08-13 02:04, Ryan Sleevi wrote:
I just wanted to alert members of this list of a discussion that has been
started on Chromium's ct-policy@ mailing list regarding Chromium's
policies for requiring EV certificates be logged in Certificate
Transparency Logs.
Ben Laurie has started a discussion at
https://groups.google.com/a/chromium.org/d/msg/ct-policy/_p8zRz5Em3s/2_0r4YjRQ8sJ
about whether or not CAs should be permitted to redact domain names when
logging certificates. As you can see from Ben's analysis of the Baseline
Requirements and EV Guidelines, this may affect the ability of the public
to ensure that CA's are conforming to the EV Guidelines, and thus rely on
audits to ensure this.
My understanding is that this would only be fore precertificates and
that the real certificates would contain the complete name. Are there
reasons why the real certificate would not be part of the CT log?
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
