> I share your skepticism, but i'm still trying to salvage something
useful -- for the purpose of defending against CA malfeasance -- from
the mechanisms we have available.
For that, you mainly want certificate transparency, no?
> If certificate validation is the process of confirming what a CA says,
then a CA that has said "this certificate should not be considered valid
unless you also have a reasonable proof of freshness" is pretty
unequivocal.
While I like this sentiment, I think there are a couple of arguments against
it. First, there's the ever-present escape hatch of out of band, or local
policy. Second, there is the history of poor behavior by some CA's, which leads
to the primary user agent (browsers, or perhaps TLS runtimes) not being able to
just completely trust them. Perhaps that historic era has passed, and it is
time for user agents to end their probation of CA's? Not for me to say.
> But once you're ignoring what the CA actually wrote
and signed in the certificate, you're on your own.
It's not that I'm on my own, but that the user agent is deciding. Now, I grant
that the vast majority of users are not capable of making a decision, let alone
an informed one, but I think it might be useful for us to keep phrasing things
in terms of user agent.
> The choice about whether to require stapling or not _is_ a policy
> decision relevant not only to server operators, but also relying
> parties, and can be easily abused by CAs if given that lever.
What kind of abuse are you anticipating here? can you spell it out in
more detail?
+1 I suppose they could DoS their own customers, or upcharge them or something.
And +1 to getting answers to the rest of DKG's questions. In theory, this note
shouldn't need any reply :)
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
