Hi Aaron,
On Thu, 19 Jan 2023 10:34:23 -0800
"'Aaron Gable' via Certificate Transparency Policy"
The purpose of the requirement is to ensure that certificates are logged
in CT. There is no guarantee that retired logs are operating
faithfully - their private keys could literally be on Pastebin. So if
you remove the requirement that certificates contain SCTs from at least
one non-retired log, then there is effectively no longer a requirement
that certificates be logged in CT, since the SCTs could all be from
misbehaving logs that don't incorporate certificates.
You are correct that certificates could stop working in browsers if
all the SCTs go bad. This is why Apple and Chrome policy mandate
redundancy by requiring at least 2-3 (depending on certificate lifetime)
SCTs from logs that were qualified at time of certificate issuance.
This is only a baseline, and CAs are free to go above the redundancy
requirement, or always include an SCT from a log that they operate, if
they aren't comfortable with the risks.
And as I'm sure you know, there are reasons besides SCT failure why
certificates may need to be replaced on short notice, and the best
answer is more automation and standards like ACME Renewal Info.
Regards,
Andrew
--
You received this message because you are subscribed to the Google Groups "Certificate Transparency Policy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ct-policy+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/ct-policy/CAEmnErcLES1CjdmtqD8xrouGERuwRw%3DCAkxi09UHUOt%2BE6aepw%40mail.gmail.com.
Hi Aaron!
That's right -- once a log transitions to the Retired state, Chrome makes no assumptions about the integrity of the log, including before the Retirement date. For instance, the exact time of a key exposure may not be known, so Retirement needs to be able to lag behind any incident.
We do try to mitigate the risk that certificates might end up untrusted in Chrome by a log Retirement. Before making any log state changes, we analyze certificates known to us to estimate breakage, and balance that breakage against other risks to the ecosystem.
In Mammoth's case, we do not expect any immediate breakage because of the Retirement, though certificates logged to Mammoth are at a greater risk of breakage from future log state changes. Our future breakage analyses partially mitigate that risk, but we do still think that when possible, CAs should consider proactive reissuance.
Shorter-lived certificates and automated re-issuance are also a substantial mitigation, since at-risk certificates quickly turn over on their own. CAs or other logging parties can further mitigate the risk by not logging to the minimum number of logs Chrome requires -- Chrome does not enforce an upper limit on the number of SCTs provided.
Best,
Joe
--