Hi Ben. There is interest at Comodo. I would like to participate in a
CT WG.

On 06/09/12 15:32, Ben Laurie wrote:

Would people be interested in starting a WG on Certificate
Transparency? If so, how about a BoF in Atlanta?

Here's a draft charter...

CT IETF WG Draft Charter

Objective

Specify mechanisms and techniques that allow Internet applications to
monitor and verify the issuance of public X.509 certificates such that
all public issued certificates are available to applications, and each
certificate seen by an application can be efficiently shown to be in
the log of issued certificates. Furthermore, it should be possible to
cryptographically verify the correct operation of the log.

Optionally, do the same for certificate revocations.

Problem Statement

Currently it is possible for any CA to issue a certificate for any
site without any oversight. This has led to some high profile
mis-issuance of certificates, such as by DigiNotar, a subsidiary of
VASCO Data Security International, in July 2011
(http://www.vasco.com/company/about_vasco/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx).

The aim is to make it possible to detect such mis-issuance promptly
through the use of a public log of all public issued certificates.
Domain owners can then monitor this log and, upon detecting
mis-issuance, take appropriate action.

This public log must also be able to efficiently demonstrate its own
correct operation, rather than introducing yet another party that must
be trusted into the equation.

Clients should also be able to efficiently verify that certificates
they receive have indeed been entered into the public log.

For revocations, the aim would be similar: ensure that revocations are
as expected, that clients can efficiently obtain the revocation status
of a certificate and that the log is operating correctly.

Also, in both cases, the solution must be usable by browsers - this
means that it cannot add any round trips to page fetches, and that any
data transfers that are mandatory are of a reasonable size.

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ