On 24/10/12 12:16, Phillip Hallam-Baker wrote:

On Wed, Oct 24, 2012 at 6:18 AM, Ben Laurie <[email protected]> wrote:

    On 24 October 2012 03:02, Paul Hoffman <[email protected]> wrote:
     > [[ I changed the subject line because this should be discussed on
     > the list *before* the meeting. It is not a separate agenda item, yet. ]]
     >
     > On Oct 23, 2012, at 6:41 PM, Phillip Hallam-Baker <[email protected]> wrote:
     >
     >> One of the key issues as far as acceptability to CAs is
     >> concerned is impact on issue processes. In particular it has to be
     >> possible to deploy any experimental infrastructure without touching
     >> the certificate issue code.

    What? Why? Are you saying CAs can't test modified issuance code?

Proposing to change that code is like you proposing to change the Google
search algorithm to make CT work. Just not going to happen.

That is an audited system. It has a very complex and elaborate QA. It
extends across the resellers that take the orders and the CA issue center.

If CT had been proposed twenty years ago it might be viable to put the
proof in the cert. Any change now has to work around the existing
infrastructure.

FWIW, as lead developer of Comodo's issuance code and as one of the first people to propose both the pre-cert idea [1] and the idea of embedding CT proofs in OCSP Responses [2], I intend to seek permission from Comodo Management to implement both. They might say "no", of course. ;-)

[1] http://www.ietf.org/mail-archive/web/pkix/current/msg30146.html
[2] Message posted to the non-public CABForum list on 5th April 2012.

<snip>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
