Hello Stephen,

On Tue, Sep 16, 2014 at 6:22 PM, Stephen Kent <[email protected]> wrote:

> Dmitry,
>
> My fault. The certs with unnecessary permissions are a subject to be
> Monitored, not Audited.
>
> no problem.
>
>
> There is a high-level description of the Auditors here:
> http://www.certificate-transparency.org/what-is-ct:
> =====
> Auditors are lightweight software components that typically perform two
> functions. First, they can verify that logs are behaving correctly and are
> cryptographically consistent. If a log is not behaving properly, then the
> log will need to explain itself or risk being shut down. Second, they can
> verify that a particular certificate appears in a log. This is a
> particularly important auditing function because the Certificate
> Transparency framework requires that all SSL certificates be registered in
> a log. If a certificate has not been registered in a log, it’s a sign that
> the certificate is suspect, and TLS clients may refuse to connect to sites
> that have suspect certificates.
> =====
> It is not integrated as a part of either RFC 6962 or the current draft, but
> it provides a high-level explanation of the Auditors' role.
>
> Until this text is part of an IETF document, it doesn't enter into our
> discussion :-).
>
> Frankly it seems a bit counterproductive to have a separate site where
> info about CT is being posted, while we try to discuss 69269-bis in this WG.
>

I think that the information I have quoted should either become part of the RFC or be removed from the site. The RFC says too little about the Auditors' functions.

--
SY, Dmitry Belyavsky
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
