Document Action: 'Certificate Transparency' to Experimental RFC (draft-laurie-pki-sunlight-12.txt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:
- 'Certificate Transparency'
  (draft-laurie-pki-sunlight-12.txt) as Experimental RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-laurie-pki-sunlight/




Technical Summary

   This document describes an experimental protocol for publicly logging
   the existence of TLS certificates as they are issued or observed, in
   a manner that allows anyone to audit certificate authority activity
   and notice the issuance of suspect certificates, as well as to audit
   the certificate logs themselves.  The intent is that eventually
   clients would refuse to honor certificates which do not appear in a
   log, effectively forcing CAs to add all issued certificates to the
   logs.

   Logs are network services which implement the protocol operations for
   submissions and queries that are defined in this document.

Working Group Summary

  This is an AD sponsored document. It has been discussed on 
  therightkey@ietf.org starting in September 2012. It has undergone
  two IETF last calls, the 2nd due to the authors changing (based
  on LC comments) to request a TLS codepoint that required IETF 
  Review.  There's also a google group list. [1]

  The plan would be to allow some experimentation to happen.

  [1] https://groups.google.com/group/certificate-transparency

Document Quality

  Google have an implementation. [2] 

  The document was updated on March 20th to -09 but only
  to add some new acknowledgements and a clarification
  about error content.

  [2] http://code.google.com/p/certificate-transparency/

Personnel

   Stephen Farrell is the shepherd and AD.





[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux