Hi,

It is not surprising to see a member of a CA propose to expand the 
business market around CAs.  (CAs and CA monitors).  

The suggestion is reasonable, though I hazard to suggest that a 
copylefted reference implementation of log monitoring for some set of 
domain names would be a valuable contribution.  

Indeed the new CA monitors could use it to make a nice profit/offer a useful 
service:
Comodo monitors Verisign who monitor GoDaddy who monitor ...  You get the idea.

--
Hugo Connery, Head of IT, DTU Environment, http://www.env.dtu.dk
________________________________________
From: Trans [[email protected]] on behalf of Rob Stradling [[email protected]]
Sent: Thursday, 11 June 2015 13:16
To: [email protected]
Cc: Matt Palmer
Subject: [Trans] Log Monitoring API

6962-bis notes that:
   "Those who are concerned about misissue can monitor the logs, asking
    them regularly for all new entries, and can thus check whether
    domains they are responsible for have had certificates issued that
    they did not expect."

If you act as a monitor yourself, you can be sure that the logs you're
monitoring aren't misbehaving.  You don't have to trust the logs.

However, if you use the services of a third-party monitor instead (which
I expect most domain owners would prefer to do), then you have to trust
that that third-party monitor isn't hiding any certs from you.

Therefore, ISTM that some domain owners might want to be able to use the
services of multiple independent monitors simultaneously.

To facilitate this, it would be useful to define a standard API for
querying a monitor.  This API would allow callers to search for certs
issued to a particular domain name/space, set up notifications of
(mis-)issuance, etc.

Matt Palmer and I are planning to start work on a -00 draft soon.  If
anyone else would like to get involved, please let us know.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
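
The cross-check that using several independent monitors makes possible, as an added example that is not part of the original messages or of any draft: given what each monitor reports for a name space, list the certificates a monitor omitted and the ones the owner did not expect. The record shape, the monitor names and the fingerprints are assumptions constructed for illustration, since no standard monitor API is defined in this thread.

```python
# Added illustration: cross-checking several CT monitors for one name space.
# The record shape and monitor names are assumptions; the thread defines
# no monitor API, so reports are modelled as plain lists.
from typing import Dict, List, Set, Tuple

Record = Tuple[str, List[str]]  # (certificate SHA-256 hex, dNSName entries)

def in_name_space(name: str, domain: str) -> bool:
    """True if a certificate dNSName falls at or under `domain`."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers labels under its base name
    return name == domain or name.endswith("." + domain)

def cross_check(domain: str, reports: Dict[str, List[Record]], expected: Set[str]):
    """Compare what each monitor reported for `domain`.

    Returns (omissions, unexpected):
      omissions  - monitor -> fingerprints other monitors reported but it did not
      unexpected - fingerprint -> monitors that reported a cert the owner
                   did not expect
    """
    seen: Dict[str, Set[str]] = {}
    for monitor, records in reports.items():
        for fingerprint, names in records:
            if any(in_name_space(n, domain) for n in names):
                seen.setdefault(fingerprint, set()).add(monitor)
    omissions = {
        m: sorted(fp for fp, who in seen.items() if m not in who)
        for m in reports
    }
    unexpected = {fp: sorted(who) for fp, who in seen.items() if fp not in expected}
    return omissions, unexpected

# Constructed sample data: short placeholder fingerprints, hypothetical monitors.
REPORTS = {
    "monitor-a": [("aa11", ["example.org", "www.example.org"]),
                  ("bb22", ["*.example.org"]),
                  ("cc33", ["mail.example.org"])],
    "monitor-b": [("aa11", ["example.org", "www.example.org"]),
                  ("bb22", ["*.example.org"]),
                  ("dd44", ["notexample.org"])],  # outside the name space
}
EXPECTED = {"aa11", "bb22"}

if __name__ == "__main__":
    omissions, unexpected = cross_check("example.org", REPORTS, EXPECTED)
    print("omitted per monitor:", omissions)
    print("unexpected certs:", unexpected)
```

An omission is a prompt to investigate rather than proof that a monitor is hiding a certificate: monitors may watch different logs or lag behind one another.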
