On Tue, Jun 09, 2015 at 12:00:23PM -0700, Rick Andrews wrote:
> On Tuesday, June 9, 2015 at 7:45:05 AM UTC-7, Kurt Roeckx wrote:
> > On 2015-06-09 15:26, Peter Kurrasch wrote:
> > > 3) How frequently might such tools run? Or to put it differently, how
> > > much time do I probably have between when I issue a gmail cert and when
> > > someone figures it out (and of course how much longer before my
> > > illegitimate cert is no longer valid)? I need only 24 hours to do all the
> > > damage I want, but in a pinch I'll make do with 8.
> >
> > CT allows storing a precertificate. That is, the CA says it intends to
> > issue a certificate. Should we mandate the use of precertificates and a
> > minimum time between the precertificate and the real certificate?
> >
> > Kurt
>
> Absolutely not. If a CA is unable to get the required minimum number of SCTs,
> it will likely not issue the cert (sure, it may retry, but it's possible that
> retries fail too). Logging must be seen as intent, but not a guarantee of
> issuance.
I'm not sure I understand what you're saying. First, I don't understand your point about a minimum number of SCTs. I wasn't talking about a minimum number of SCTs between them. The signed certificate timestamp (SCT) has, as the name implies, a timestamp. I'm saying that we could require a minimum time between the timestamp from the precertificate and the certificate. I also didn't say anything about guaranteeing issuance. The whole point is that we could detect that a wrong one could be issued and that we can avoid the issuance.

Kurt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
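The check Kurt is proposing is simple to state: take the timestamp carried in the precertificate's SCT(s), and refuse to treat a final certificate as policy-compliant unless its notBefore lies at least some minimum interval after the latest of those timestamps. The following is an added illustration written for this thread, not code from the list, from Mozilla, or from any CT implementation. It parses the RFC 6962 v1 SignedCertificateTimestamp binary structure (version, log ID, 64-bit millisecond timestamp, extensions, SignatureAndHashAlgorithm, signature) and applies the proposed delay. The 24-hour minimum is a hypothetical value chosen to match the attacker window Peter mentions; the thread names no mandated figure, and the SCT bytes and log ID are constructed test data whose signature is not verified here.

```python
import struct
from datetime import datetime, timedelta, timezone

# Hypothetical policy value: the thread proposes "a minimum time" but names no number.
MIN_GAP = timedelta(hours=24)


def parse_sct(data: bytes) -> dict:
    """Parse an RFC 6962 v1 SignedCertificateTimestamp (the TLS-encoded struct).

    Layout: version(1) | log_id(32) | timestamp_ms(8, big-endian) |
            extensions_len(2) | extensions | hash_alg(1) | sig_alg(1) |
            signature_len(2) | signature
    The signature is extracted but not verified; that needs the log's public key.
    """
    if len(data) < 1 + 32 + 8 + 2:
        raise ValueError("SCT too short for fixed header")
    version = data[0]
    if version != 0:  # v1 is encoded as 0 in RFC 6962
        raise ValueError(f"unsupported SCT version {version}")
    log_id = data[1:33]
    (timestamp_ms,) = struct.unpack(">Q", data[33:41])
    (ext_len,) = struct.unpack(">H", data[41:43])
    off = 43 + ext_len
    extensions = data[43:off]
    if len(data) < off + 4:
        raise ValueError("SCT truncated before signature header")
    hash_alg, sig_alg = data[off], data[off + 1]
    (sig_len,) = struct.unpack(">H", data[off + 2:off + 4])
    signature = data[off + 4:off + 4 + sig_len]
    if len(signature) != sig_len:
        raise ValueError("SCT signature truncated")
    return {
        "version": version,
        "log_id": log_id,
        "timestamp_ms": timestamp_ms,
        "timestamp": datetime.fromtimestamp(timestamp_ms / 1000, tz=timezone.utc),
        "extensions": extensions,
        "hash_alg": hash_alg,   # 4 = sha256 in TLS HashAlgorithm
        "sig_alg": sig_alg,     # 3 = ecdsa in TLS SignatureAlgorithm
        "signature": signature,
    }


def build_sct(timestamp_ms: int, log_id: bytes = b"\x11" * 32,
              signature: bytes = b"\x00" * 8) -> bytes:
    """Construct a syntactically valid v1 SCT for testing (dummy signature)."""
    return (bytes([0]) + log_id + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", 0)            # no extensions
            + bytes([4, 3])                   # sha256 / ecdsa
            + struct.pack(">H", len(signature)) + signature)


def earliest_allowed_issuance(precert_scts: list, min_gap: timedelta = MIN_GAP) -> datetime:
    """Earliest notBefore the proposed policy would accept: the *latest* precert
    SCT timestamp plus the minimum gap, so every log had the full window."""
    if not precert_scts:
        raise ValueError("a precertificate with at least one SCT is required")
    latest = max(parse_sct(s)["timestamp"] for s in precert_scts)
    return latest + min_gap


def issuance_delay_ok(precert_scts: list, not_before: datetime,
                      min_gap: timedelta = MIN_GAP) -> bool:
    """True if the final certificate's notBefore respects the proposed delay."""
    return not_before >= earliest_allowed_issuance(precert_scts, min_gap)


if __name__ == "__main__":
    logged = datetime(2015, 6, 9, 12, 0, tzinfo=timezone.utc)
    sct = build_sct(int(logged.timestamp() * 1000))
    print("issued 2h later ok? ",
          issuance_delay_ok([sct], logged + timedelta(hours=2)))
    print("issued 2 days later ok?",
          issuance_delay_ok([sct], logged + timedelta(days=2)))
```

Note the choice of the latest SCT timestamp rather than the earliest: with several logs, the monitoring window only starts for a given log when that log has accepted the precertificate, so using the earliest would let one fast log shorten the delay the policy intends.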