I'm somewhat confused by the following two points:

>>5. By July 2014 all EV certificates with validity periods beyond [July
>>2014] should be logged in at least [one] qualifying log (see below).

>>6. On 1 Jan 2015 Chrome will create a whitelist of valid EV certificates
>>already issued without an embedded SCT [issued by CAs participating in CT]
>>from all qualifying logs.

If EV certificates issued prior to 1 Jan 2015 will be whitelisted, what is the purpose of point #5?

Also, regarding point #7, I understand if it's not practical to distribute a large whitelist to mobile platforms, but IMO retroactively removing the EV indicator from existing certs rather than letting them naturally expire before enforcing CT on mobile platforms creates a bad EV experience in return for little additional transparency & security.

Thanks,

Wayne

-----Original Message-----
From: therightkey [mailto:[email protected]] On Behalf Of Ben Laurie
Sent: Tuesday, February 04, 2014 10:08 AM
To: CABFPub; [email protected]; [email protected]
Subject: [therightkey] Updated Certificate Transparency + Extended Validation plan

Enclosed, our revised plan.

Comments welcome.

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
