Steve,
I would say that "...all issued certificates" does summarize the "aim"
of the CT ecosystem pretty well: in the long run, we expect TLS clients
to require CT compliance for all publicly trusted certs, meaning that
interested parties have a strong incentive for all certs to be logged.
I'm not as keen on your proposed text, TBH.
However, I realize that the "all" in "all issued certificates" is a bit
misleading when you consider the options for logging precertificates
and/or name constrained intermediates in place of actual end-entity
certs. For that reason I'd be happy to drop the word "all" from my
proposed rework of the first sentence...
"Certificate transparency aims to mitigate the problem of misissued
certificates by providing append-only logs of issued certificates."
BTW, is there a reason why we're now having this discussion only on the
mailing list, rather than continuing it where it started (i.e. on the
issue tracker, which automatically copies each message to the mailing
list) ?
On 16/11/15 16:23, Stephen Kent wrote:
Rob,
that text is much better.
how about "all issued certificates" -> "all certificates submitted by
CAs, certificate Subjects, or others."
Steve
#117: log description as "untrusted"
Comment (by [email protected]):
Steve, Linus,
Would this rework of the first two sentences work for both of you?
"Certificate transparency aims to mitigate the problem of misissued
certificates
by providing append-only logs of all issued certificates. The logs
do not
need
to be trusted because they are publicly auditable. Anyone may verify
the
correctness of each log and monitor when new certificates are added to
it."
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
