The answer to the question of what certificates they intend to CT log or not may be interesting as a point of curiosity, but the in-product CT logging requirements of certain internet browsers (Chrome, Safari) would seem to ultimately force them to CT log the certificates that are intended to be trusted by a broad set of internet browsers.
On Mon, Feb 25, 2019 at 12:01 PM rich.salz--- via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Apart from the concerns others have already raised, I am bothered by the > wording of one of the Dark Matter commitments, which says that "TLS certs > intended for public trust" will be logged. What does public trust mean? > Does it include certificates intended only for use within their country? > Those intended to be used only on a small, privately-specified, set of > recipients? > > Perhaps a better way to phrase my question is: what certs would DM issue > that would *not* be subject to their CT logging SOP? > > Is there any other trusted root that has made a similar exemption? > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy