Opened 8 years ago

Closed 7 years ago

#21 closed defect (fixed)

Clarify signature checking purpose and mechanism

Reported by: benl@… Owned by: eranm@…
Priority: major Milestone:
Component: rfc6962-bis Version:
Severity: - Keywords:
Cc:

Description

Signatures on submissions are checked to mitigate spam. Make this clear, and perhaps specify a currently-ok set of minimal checks.

Change History (4)

comment:1 Changed 7 years ago by eranm@…

Comments from trans wg meeting at IETF 90:
Steve Kent: A minimal set of checks is not sufficient. We should specify "the" set of checks. Allowing additional checks beyond a minimal subset leads to variation which you don't want.
Ben Laurie: Sounds reasonable.
Leif Johanson: What about if someone with a valid certificate tries to put it in after someone has already put in an invalid certificate.
Ben Laurie: Inclusion in the log doesn't say anything about the validity. The only check is to ensure that the signature chains to a valid CA.
Daniel Kahl Gilmore: From an auditing perspecive, would rather have a bad certificate in the log so we can find it.

Suggestion:
document the exact set of checks that the log does, which is signature validations on the chain.

comment:2 Changed 7 years ago by eranm@…

(1) The "Informal Introduction" section explains why checking signatures over the chain is necessary.
(2) We've proposed language to clarify which certificates must be accepted by logs (logs may accept additional certificates but that is not required or guaranteed).

Out for review:
https://github.com/google/certificate-transparency-rfcs/pull/14

comment:3 Changed 7 years ago by eranm@…

  • Owner changed from draft-ietf-trans-rfc6962-bis@… to eranm@…

comment:4 Changed 7 years ago by eranm@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.