On 24 October 2012 12:25, Rob Stradling <[email protected]> wrote: > On 24/10/12 12:16, Phillip Hallam-Baker wrote: >> >> >> On Wed, Oct 24, 2012 at 6:18 AM, Ben Laurie <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 24 October 2012 03:02, Paul Hoffman <[email protected] >> <mailto:[email protected]>> wrote: >> > [[ I changed the subject line because this should be discussed on >> the list *before* the meeting. It is not a separate agenda item, yet. >> ]] >> > >> > On Oct 23, 2012, at 6:41 PM, Phillip Hallam-Baker >> <[email protected] <mailto:[email protected]>> wrote: >> > >> >> One of the key issues as far as acceptability to CAs is >> concerned is impact on issue processes. In particular it has to be >> possible to deploy any experimental infrastructure without touching >> the certificate issue code. >> >> What? Why? Are you saying CAs can't test modified issuance code? >> >> Proposing to change that code is like you proposing to change the Google >> search algorithm to make CT work. Just not going to happen. >> >> That is an audited system. It has a very complex and elaborate QA. It >> extends across the resellers that take the orders and the CA issue center. >> >> If CT had been proposed twenty years ago it might be viable to put the >> proof in the cert. Any change now has to work around the existing >> infrastructure. > > > FWIW, as lead developer of Comodo's issuance code and as one of the first > people to propose both the pre-cert idea [1] and the idea of embedding CT > proofs in OCSP Responses [2], I intend to seek permission from Comodo > Management to implement both. They might say "no", of course. ;-)
Good to hear. We now have a test log server up, so any time you're ready :-) > [1] http://www.ietf.org/mail-archive/web/pkix/current/msg30146.html > [2] Message posted to the non-public CABForum list on 5th April 2012. > > <snip> > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
