Ben,

> My thinking is that:

> 1. There is concern, generally, about the size of certificates (really about the size of handshakes).

That concern varies a lot, depending on context. I don't agree that this is a universal, major concern. Look at JSON; its use of XML encoding suggests no concern about bloat in a web context.

> 2. Embedding SCTs in certs leads to more bloat than either OCSP stapling or the TLS extension because the SCTs cannot be updated, and so more are required (see Chrome's EV/CT policy).

I am not familiar with Chrome's EV/CT policy, and I think you argued that what Google has chosen to do is out of scope, in the context of a prior argument in TRANS. Anyway, absent a spec for TLS client behavior, one cannot discuss the need to update SCTs, right?

> 3. Embedding SCTs in certs runs the risk that the SCTs will become invalid before the cert does.

Until we have a precise description of how a client will deal with an invalid SCT, we can't really evaluate the implications of this potential mismatch. Also, what causes an SCT to become invalid?
> 4. Certs are not generally updated before expiry.

Agreed.

> 5. Stapled OCSP requires the CA, the webserver and the CT logs to be actively involved.

Agreed. Which gets back to my question from several months ago as to why we have 3 ways of signalling SCT info.

> 6. The TLS extension only requires the webserver and the CT logs to be actively involved.

Agreed, if the web server operator submits the cert to the log.

> 7. All three mechanisms can be made essentially automatic from the webserver's POV.

This point, in conjunction with #5, sounds like you're trying to have it both ways :-).

Lots of things can be made automatic, with the right support software. In the IETF we often try (though we do not always succeed) to limit the number of mandatory-to-support ways to do the same thing. That's why I questioned the specification of OCSP delivery of SCT data, plus pre-certs plus TLS handshake delivery.

> So, I would expect in the long run that the TLS extension would be the favoured option.

Maybe. But, as I noted, if CAs have already gone to the trouble of embedding SCT data in certs, and if this is free for web site operators, there seems to be more inertia than motivation to change, from the perspective of operators.

Steve
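The bloat discussed in points 1 and 2 comes from the SignedCertificateTimestampList structure of RFC 6962 that all three delivery mechanisms carry. The following codec is an added example, not code from the thread or from any CT implementation; the log IDs, timestamps and the 71-byte ECDSA signature are constructed placeholders, chosen so the per-SCT byte cost can be measured directly.

```python
import struct

# Added example: RFC 6962 section 3.3 SignedCertificateTimestampList codec,
# used to measure how many bytes each embedded SCT adds to a cert or handshake.
# Log IDs and signatures here are constructed placeholders, not real log values.
SCT_V1 = 0
SHA256, ECDSA = 4, 3  # SignatureAndHashAlgorithm values (RFC 5246 registry)

def encode_sct(log_id, timestamp_ms, signature, extensions=b""):
    """Serialize one v1 SerializedSCT (RFC 6962 section 3.2)."""
    return (bytes([SCT_V1]) + log_id                      # version + 32-byte log id
            + struct.pack(">Q", timestamp_ms)             # uint64 ms since epoch
            + struct.pack(">H", len(extensions)) + extensions
            + bytes([SHA256, ECDSA])                      # hash and signature algs
            + struct.pack(">H", len(signature)) + signature)

def encode_sct_list(scts):
    """Wrap SCTs as SignedCertificateTimestampList: 2-byte outer and inner lengths."""
    items = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(items)) + items

def parse_sct_list(blob):
    """Parse an SCT list strictly, rejecting truncated data or trailing bytes."""
    (total,) = struct.unpack(">H", blob[:2])
    if len(blob) != 2 + total:
        raise ValueError("list length does not match data")
    out, pos = [], 2
    while pos < len(blob):
        (n,) = struct.unpack(">H", blob[pos:pos + 2]); pos += 2
        sct = blob[pos:pos + n]; pos += n
        if len(sct) != n or n < 45 or sct[0] != SCT_V1:
            raise ValueError("truncated or unsupported SCT")
        (ts,) = struct.unpack(">Q", sct[33:41])
        (ext_len,) = struct.unpack(">H", sct[41:43])
        off = 43 + ext_len                                # start of algorithm bytes
        (sig_len,) = struct.unpack(">H", sct[off + 2:off + 4])
        sig = sct[off + 4:off + 4 + sig_len]
        if len(sig) != sig_len or off + 4 + sig_len != n:
            raise ValueError("bad signature length")
        out.append({"log_id": sct[1:33], "timestamp_ms": ts, "signature": sig})
    return out

def demo_overhead():
    """Constructed: two logs, each with a 71-byte DER-encoded ECDSA P-256 signature."""
    scts = [encode_sct(bytes([i]) * 32, 1700000000000 + i, b"\x30" * 71) for i in (1, 2)]
    blob = encode_sct_list(scts)
    return len(blob), len(parse_sct_list(blob))           # (242, 2): ~120 bytes per SCT
```

Each extra SCT a CA embeds to satisfy a log-count policy costs roughly 120 bytes, before the X.509 extension wrapping, which is the quantity the size argument above turns on.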

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans