On Tue, Apr 18, 2017 at 1:32 PM, Jakob Bohm via dev-security-policy < [email protected]> wrote:
> I believe the point was to check the prospective contents of the
> TBSCertificate *before* CT logging (noting that Ryan Sleevi has been
> violently insisting that failing to do that shall be punished as
> harshly as actual misissuance) and *before* certificate signing.

While I appreciate the explicit callout as much as anyone, I think it's a mischaracterization to state "violently". Have I suggested actual violence?

Whether you personally agree with it or not, I should note
https://wiki.mozilla.org/CA:Symantec_Issues#Issue_J:_SHA-1_Issuance_After_Deadline.2C_Again_.28February_2016.29

"(The CT RFC states that issuance of a pre-certificate is considered equivalent to issuance of the certificate, and so Mozilla considers that pre-certificate misissuance is misissuance.)"

> Thus the checks would have to occur before signing, but it would still
> be useful (architecturally) to run the checks without the ability to
> change the request (other than to reject it with an error message).
> Such separation will however have non-zero cost as the prospective
> TBSCertificate or its description needs to be passed between additional
> processes.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
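The architecture Jakob describes above, a read-only lint pass over the prospective TBSCertificate that can only accept or reject, placed in front of the one code path that produces any signature (so that neither a precertificate for CT nor the final certificate exists for a rejected request), can be sketched with Go's standard crypto/x509 package. This is an added illustration written for this page; it is not code from the thread, from Mozilla, or from any CA. The SHA-1 check mirrors the Mozilla issue cited in the reply; the other checks (positive serial, sane validity window, no cA on an end-entity request), the in-memory test CA and the `www.example.com` request are constructed assumptions for the demonstration, not a transcription of any specific policy:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LintTBS inspects the prospective TBSCertificate fields and returns every
// finding. It receives the template by value, so it has no way to alter the
// request: its only output is accept (empty slice) or the reasons to reject.
// The SHA-1 check follows the Mozilla issue cited in the thread; the other
// checks are illustrative sanity checks (assumption), not a specific policy.
func LintTBS(tbs x509.Certificate) []error {
	var findings []error
	switch tbs.SignatureAlgorithm {
	case x509.SHA1WithRSA, x509.ECDSAWithSHA1, x509.DSAWithSHA1:
		findings = append(findings, errors.New("SHA-1 signature algorithm requested"))
	}
	if tbs.SerialNumber == nil || tbs.SerialNumber.Sign() <= 0 {
		findings = append(findings, errors.New("serial number must be positive"))
	}
	if !tbs.NotAfter.After(tbs.NotBefore) {
		findings = append(findings, errors.New("notAfter must be later than notBefore"))
	}
	if tbs.IsCA {
		findings = append(findings, errors.New("end-entity template must not assert cA"))
	}
	return findings
}

// Issue is the only path that produces a signature. The lint gate runs first,
// so a rejected request never becomes a signed precertificate (for CT
// submission) or a signed certificate; the caller only gets the findings back.
func Issue(tbs x509.Certificate, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, subjectPub *ecdsa.PublicKey) ([]byte, error) {
	if findings := LintTBS(tbs); len(findings) > 0 {
		return nil, fmt.Errorf("rejected before signing: %v", findings)
	}
	return x509.CreateCertificate(rand.Reader, &tbs, parent, subjectPub, parentKey)
}

// NewTestCA builds a self-signed issuing CA in memory (constructed test data,
// not a real CA).
func NewTestCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Issuing CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// LeafTemplate returns a constructed end-entity request (assumed example
// subject). sigAlg lets the caller ask for a particular signature algorithm;
// zero means "let the library pick".
func LeafTemplate(sigAlg x509.SignatureAlgorithm) x509.Certificate {
	return x509.Certificate{
		SerialNumber:       new(big.Int).SetBytes([]byte{0x1a, 0x2b, 0x3c, 0x4d, 0x5e, 0x6f, 0x70, 0x81, 0x92}),
		Subject:            pkix.Name{CommonName: "www.example.com"},
		DNSNames:           []string{"www.example.com"},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:           x509.KeyUsageDigitalSignature,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		SignatureAlgorithm: sigAlg,
	}
}

func main() {
	ca, caKey, err := NewTestCA()
	if err != nil {
		panic(err)
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}

	// A SHA-1 request is stopped at the gate; no signature is ever produced.
	_, err = Issue(LeafTemplate(x509.ECDSAWithSHA1), ca, caKey, &leafKey.PublicKey)
	fmt.Println("SHA-1 request:", err)

	// A clean request passes the gate and is signed.
	der, err := Issue(LeafTemplate(x509.ECDSAWithSHA256), ca, caKey, &leafKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("issued %d-byte certificate\n", len(der))
}
```

The separation Jakob mentions is what makes `LintTBS` cheap to move into its own process: its input is a copy of the request and its output is a list of findings, so the process boundary costs a serialisation of the template and nothing else. Note that `x509.CreateCertificate` itself may refuse some algorithm and key combinations; the point of the gate is that the policy decision is taken and recorded before that call, not left to whatever the signing library happens to reject.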

