On 12/06/15 10:05, Matt Palmer wrote:
Hi Stephen,
On Thu, Jun 11, 2015 at 05:40:55PM -0400, Stephen Kent wrote:
Rob,
To facilitate this, it would be useful to define a standard API for
querying a monitor. This API would allow callers to search for certs
issued to a particular domain name/space, setup notifications of
(mis-)issuance, etc.
I'm always in favor of interface standards, but this is not the sort of
API I would have imagined. I've thought that one might want a standard
way for a client of a Monitor to submit the info needed for the Monitor to
"protect" the client: a set Subject names/SANs, a set of public keys
associated with each Subject/SAN, and a way to inform the client when a
cert is logged that does not match the supplied info. One also should be
able to include an indication of what cert profile these certs are
supposed to match, e.g., DV, EV, SMIME, IPsec, ...
I believe that comes under Rob's very general point of "setup notifications
for (mis-)issuance".
Yep. Thanks Matt.
I certainly intend to try and provide means for
specifying as much detail as possible to assist in detecting misissuance.
Consider this my contribution to your draft.
Thanks for your input. It's good to know that someone else thinks it would
be useful to be able to manipulate notifications programmatically.
- Matt
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
