Fwd: New Version Notification for draft-laurie-pki-sunlight-02.txt
19 views
Skip to first unread message
Ben Laurie
Oct 18, 2012, 2:26:57 PM10/18/12
to certificate-...@googlegroups.com, theri...@ietf.org
---------- Forwarded message ----------
From: <interne...@ietf.org>
Date: 18 October 2012 18:19
Subject: New Version Notification for draft-laurie-pki-sunlight-02.txt
To: be...@google.com
Cc: eka...@google.com, a...@google.com
A new version of I-D, draft-laurie-pki-sunlight-02.txt
has been successfully submitted by Ben Laurie and posted to the
IETF repository.
Filename: draft-laurie-pki-sunlight
Revision: 02
Title: Certificate Transparency
Creation date: 2012-10-18
WG ID: Individual Submission
Number of pages: 19
URL:
http://www.ietf.org/internet-drafts/draft-laurie-pki-sunlight-02.txt
Status: http://datatracker.ietf.org/doc/draft-laurie-pki-sunlight
Htmlized: http://tools.ietf.org/html/draft-laurie-pki-sunlight-02
Diff: http://www.ietf.org/rfcdiff?url2=draft-laurie-pki-sunlight-02
Abstract:
The aim of Certificate Transparency is to have every public end-
entity and intermediate TLS certificate issued by a known Certificate
Authority recorded in one or more certificate logs. In order to
detect mis-issuance of certificates, all logs are publicly auditable.
In particular, domain owners or their agents will be able to monitor
logs for certificates issued on their own domain.
To protect clients from unlogged mis-issued certificates, logs sign
all recorded certificates, and clients can choose not to trust
certificates that are not accompanied by an appropriate log
signature. For privacy and performance reasons log signatures are
embedded in the TLS handshake via the TLS authorization extension
[RFC5878], or in the certificate itself via an X.509v3 certificate
extension [RFC5280].
To ensure a globally consistent view of the log, logs also provide a
global signature over the entire log. Any inconsistency of logs can
be detected through cross-checks on the global signature.
Consistency between any pair of global signatures, corresponding to
snapshots of the log at different times, can be efficiently shown.
Logs are only expected to certify that they have seen a certificate,
and thus we do not specify any revocation mechanism for log
signatures in this document. Logs are append-only, and log
signatures will be valid indefinitely.
The IETF Secretariat
From: <interne...@ietf.org>
Date: 18 October 2012 18:19
Subject: New Version Notification for draft-laurie-pki-sunlight-02.txt
To: be...@google.com
Cc: eka...@google.com, a...@google.com
A new version of I-D, draft-laurie-pki-sunlight-02.txt
has been successfully submitted by Ben Laurie and posted to the
IETF repository.
Filename: draft-laurie-pki-sunlight
Revision: 02
Title: Certificate Transparency
Creation date: 2012-10-18
WG ID: Individual Submission
Number of pages: 19
URL:
http://www.ietf.org/internet-drafts/draft-laurie-pki-sunlight-02.txt
Status: http://datatracker.ietf.org/doc/draft-laurie-pki-sunlight
Htmlized: http://tools.ietf.org/html/draft-laurie-pki-sunlight-02
Diff: http://www.ietf.org/rfcdiff?url2=draft-laurie-pki-sunlight-02
Abstract:
The aim of Certificate Transparency is to have every public end-
entity and intermediate TLS certificate issued by a known Certificate
Authority recorded in one or more certificate logs. In order to
detect mis-issuance of certificates, all logs are publicly auditable.
In particular, domain owners or their agents will be able to monitor
logs for certificates issued on their own domain.
To protect clients from unlogged mis-issued certificates, logs sign
all recorded certificates, and clients can choose not to trust
certificates that are not accompanied by an appropriate log
signature. For privacy and performance reasons log signatures are
embedded in the TLS handshake via the TLS authorization extension
[RFC5878], or in the certificate itself via an X.509v3 certificate
extension [RFC5280].
To ensure a globally consistent view of the log, logs also provide a
global signature over the entire log. Any inconsistency of logs can
be detected through cross-checks on the global signature.
Consistency between any pair of global signatures, corresponding to
snapshots of the log at different times, can be efficiently shown.
Logs are only expected to certify that they have seen a certificate,
and thus we do not specify any revocation mechanism for log
signatures in this document. Logs are append-only, and log
signatures will be valid indefinitely.
The IETF Secretariat
Reply all
Reply to author
Forward
0 new messages