An update on Certificate Transparency and EV within Chrome


Ryan Sleevi

Dec 8, 2014, 11:56:30 AM
to ct-p...@chromium.org, Ben Laurie, Eran Messeri, net-dev

Following active discussion with the community, I'm pleased to announce Version 1.1 of the Chrome EV/CT plan, dated December 8. This update primarily seeks to provide clarification for existing requirements, while also providing a temporary relaxation of the Log Independence requirements. We encourage CAs participating in Chrome's EV program to review the updates, as well as to contribute to future discussions of updates by participating on the ct-p...@chromium.org mailing list.

You can review the entire policy at [1], or view a diff from the previous policy at [2].

Additionally, due to operational issues that have surfaced, we will not be recognizing the SSLWatcher.com Alpha log as a trusted log. This log was scheduled for inclusion in Chrome 41, having successfully completed the monitoring period required of the Certificate Transparency Log Policy [3], but it has failed to meet the ongoing requirements for log participation. While CAs may continue to use this log, it will no longer be recognized as a trusted log within Chrome, nor will it count towards log independence.

Please review the updated policy for both the temporary and ongoing independence requirements.

[1] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/EVCTPlanDec2014edition.pdf?attredirects=0
[2] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/EVCTPlanDec2014edition-diff.pdf?attredirects=0
[3] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency/log-policy

Rob Stradling

Dec 8, 2014, 5:03:47 PM
to rsl...@chromium.org, ct-p...@chromium.org, Matt Palmer, Ben Laurie, Eran Messeri, net-dev
On 08/12/14 16:56, Ryan Sleevi wrote:

> Following active discussion with the community, I'm pleased to announce Version 1.1 of the Chrome EV/CT plan, dated December 8. This update primarily seeks to provide clarification for existing requirements, while also providing a temporary relaxation of the Log Independence requirements. We encourage CAs participating in Chrome's EV program to review the updates, as well as to contribute to future discussions of updates by participating on the ct-p...@chromium.org mailing list.
>
> You can review the entire policy at [1], or view a diff from the previous policy at [2].
>
> Additionally, due to operational issues that have surfaced, we will not be recognizing the SSLWatcher.com Alpha log as a trusted log.


Ryan, thanks for the update.  It's a shame that the Alpha log hasn't quite made the grade after all, but the standard does have to be set really high.

Matt, I hope you're not too discouraged.  I'd like to thank you for your efforts, both as a log implementer and as a log operator.  It's great that your independent log server implementation exists.  I hope you'll keep improving your code and that you'll spin up another log (or apply for (re-)inclusion of Alpha?) in due course.

> This log was scheduled for inclusion in Chrome 41, having successfully completed the monitoring period required of the Certificate Transparency Log Policy [3], but it has failed to meet the ongoing requirements for log participation. While CAs may continue to use this log, it will no longer be recognized as a trusted log within Chrome, nor will it count towards log independence.
>
> Please review the updated policy for both the temporary and ongoing independence requirements.
>
> [1] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/EVCTPlanDec2014edition.pdf?attredirects=0
> [2] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/EVCTPlanDec2014edition-diff.pdf?attredirects=0
> [3] https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency/log-policy
