On 01/10/14 15:34, Stephen Kent wrote:
<snip>
> I thought the CT design makes a counter argument, i.e., that CAs are
> motivated to log certs because, over time, TLS clients will reject
> connections to servers when there is no evidence of an SCT.

Over time, yes, we hope that this will happen. But we obviously can't guarantee that, in N months/years from now, 100% of TLS clients will support CT.

> if this argument is true, then having logs check for syntactic
> mis-issuance is a good thing.

I disagree. There is a gap between what is syntactically properly issued (according to CABF guidelines, etc.) and what a typical TLS client actually accepts. If logs checked for syntactic mis-issuance, a rogue CA could exploit this gap by maliciously mis-issuing certs containing "syntax errors". CT would not reveal the attack (because the logs would refuse to issue SCTs), but TLS clients that don't reject connections when no SCT is provided would be vulnerable.

We want to provide as much "herd immunity" as possible to TLS clients that don't support CT. This means that we need all certs to be publicly logged, to maximize the chances that any (maliciously) mis-issued cert will be discovered quickly.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans