I'd like some elaboration on the plan for step 6, creating a whitelist of valid EV certificates without an SCT. How is this going to be achieved? Also, if we could do this, why not do it for all certificates and bootstrap CT that way? Are the parameters of EV special for this (fewer certs, better records, etc.)?
An alternate approach to a whitelist is to require SCTs for certs with a "not before" validity period after time T (presumably this requirement kicks in around time T). With a stolen/compromised EV CA key you could still issue a fraudulent cert and backdate it, so you'd have to more strictly enforce the limits on validity periods for EV certs, which I believe are 27 months in the CA/Browser Forum guidelines and 39 months in the EV code-signing cert proposal. Of course this isn't attractive in that it means years before you really have protection against fraudulent EV certs. Has this approach been considered?

Joe
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
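As an added illustration (not code from the post or the list), the "not before after time T" rule described above, combined with enforcement of an EV maximum validity period, written as a Python policy check. The cutoff date, the 27-month limit as a constant, and the certificate fields are assumptions; the sample certificates are constructed. It also computes the date after which a backdated, unlogged cert can no longer be within its validity period.

```python
import calendar
from dataclasses import dataclass
from datetime import datetime

# Assumed policy parameters: "time T" is a constructed placeholder date,
# 27 months is the EV server-cert limit cited in the post.
SCT_REQUIRED_FROM = datetime(2015, 1, 1)
MAX_EV_VALIDITY_MONTHS = 27


@dataclass
class CertView:
    """Minimal view of the fields the policy needs (constructed, not a real parser)."""
    not_before: datetime
    not_after: datetime
    has_sct: bool


def add_months(d: datetime, months: int) -> datetime:
    """Advance a date by whole calendar months, clamping the day for short months."""
    total = d.month - 1 + months
    year, month = d.year + total // 12, total % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return d.replace(year=year, month=month, day=day)


def evaluate_ev_cert(cert: CertView, now: datetime,
                     cutoff: datetime = SCT_REQUIRED_FROM,
                     max_months: int = MAX_EV_VALIDITY_MONTHS) -> str:
    """Return 'accept' or a rejection reason under the notBefore-cutoff policy."""
    if now < cert.not_before or now > cert.not_after:
        return "reject: outside validity period"
    # Without this check a backdated cert could carry an arbitrarily long lifetime.
    if cert.not_after > add_months(cert.not_before, max_months):
        return "reject: validity period exceeds EV maximum"
    if cert.not_before >= cutoff and not cert.has_sct:
        return "reject: issued after cutoff without SCT"
    return "accept"


def backdating_window_closes(cutoff: datetime = SCT_REQUIRED_FROM,
                             max_months: int = MAX_EV_VALIDITY_MONTHS) -> datetime:
    """Earliest date by which every cert backdated before the cutoff must have expired:
    notBefore < cutoff and the maximum-validity check imply notAfter < cutoff + max_months."""
    return add_months(cutoff, max_months)


if __name__ == "__main__":
    # Constructed example: a cert backdated to the day before the cutoff, no SCT.
    backdated = CertView(datetime(2014, 12, 31), datetime(2017, 3, 31), has_sct=False)
    print(evaluate_ev_cert(backdated, datetime(2016, 6, 1)))   # still accepted
    print("unlogged backdated certs all expired by", backdating_window_closes())
```

The printed closing date is the concrete form of the "years before you really have protection" remark: with a 27-month limit and a 2015-01-01 cutoff, an unlogged backdated cert can remain valid until 2017-04-01.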
