On Wed, Aug 13, 2014 at 09:32:38AM +0200, Kurt Roeckx wrote:
> On 2014-08-13 02:04, Ryan Sleevi wrote:
> > I just wanted to alert members of this list of a discussion that has been
> > started on Chromium's ct-policy@ mailing list regarding Chromium's
> > policies for requiring EV certificates be logged in Certificate
> > Transparency Logs.
> >
> > Ben Laurie has started a discussion at
> > https://groups.google.com/a/chromium.org/d/msg/ct-policy/_p8zRz5Em3s/2_0r4YjRQ8sJ
> > about whether or not CAs should be permitted to redact domain names when
> > logging certificates. As you can see from Ben's analysis of the Baseline
> > Requirements and EV Guidelines, this may affect the ability of the public
> > to ensure that CAs are conforming to the EV Guidelines, and thus rely on
> > audits to ensure this.
>
> My understanding is that this would only be for precertificates and
> that the real certificates would contain the complete name. Are
> there reasons why the real certificate would not be part of the CT
> log?
My understanding of the utility of redacted precertificates is that the actual certificate will never see the light of the wider Internet. These redacted certificates are for internal use by organisations that want a certificate that their browsers will automatically trust (without the need to install a local trust root), but which they *don't* want to disclose to the entire Internet (it's a rationale that's roughly comparable to the reasoning behind split-horizon DNS -- withhold internal architecture information from attackers).

The reason why you still need to obtain SCTs for those certificates is because browsers, in a fully-CT-enabled world, won't trust a certificate which doesn't contain or otherwise present valid SCTs. Except to get the SCT, you need to publicise the certificate, which is what organisations which get a "private" certificate want to avoid in the first place.

Personally, I'm ambivalent on the whole issue of redacted precertificates, but then I've run private CAs for so long and so often that I'm somewhat inured to the pain of adding local trust roots where needed. I also don't subscribe to the theory that withholding internal names provides a worthwhile security benefit. However, I'm also very keen to see CT become widely adopted, and if not being able to publish certificates because they contain internal names is a showstopper, I'll live with the (significant) ugliness in browser implementation that results (most of the complexity in handling redacted precertificates falls to the browsers to do the comparison between the redacted precertificate in the log and the real certificate being presented by the server). The log implementation doesn't change at all, and there are only minor modifications needed for auditors and monitors.

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy