On 03/11/17 23:23, Kirk Hall via Public wrote:
Entrust, Secom, Comodo, and other CAs will be asking the IETF TRANS
Working Group to revive work on a new RFC to complete specifications for
CT Domain Label Redaction (called “Redaction” for short in this
message). The new RFC would only cover technical issues and not policy
issues.
The RFC for Certificate Transparency, RFC 6962, started to address
Redaction, but never completed the work because of policy issues that
were raised about “recourse”, or how domain owners would be able to
obtain information about redacted certificates that were CT logged to
determine if they were legitimate or misissued.
This email is to lay out the course we want to follow to complete the
technical specs for Redaction in the IETF, and also to address the
recourse issues and consider appropriate changes to the Forum’s Baseline
Requirements in response.
*_1. New IETF effort on completing Redaction specifications via a new RFC_*
Tadahiko of Secom and Rob Stradling of Comodo are working on a new I-D
draft on Redaction that will be presented to the IETF TRANS Working
Group for consideration. Tadahiko will present the draft at the next
IETF meeting in Singapore in mid-November.
<snip>
Just to clarify my involvement:
Tadahiko has written an I-D [1] that focuses on some specific use cases
for domain label redaction. These are the use cases that Tadahiko is
most interested in, and so naturally these are the use cases that he
wants to talk about at IETF100 in Singapore.
The domain label redaction I-D [2] that was spun out of 6962-bis has
expired, but I would be willing to resume working on it *if* progress
can first be made on addressing the policy concerns raised by Google
last year and *if* some other folks will volunteer to help with the effort.
[1]
https://www.ietf.org/internet-drafts/draft-ito-yet-another-name-redaction-00.txt
[2] https://datatracker.ietf.org/doc/draft-strad-trans-redaction/
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
