On Mon, Jan 7, 2019 at 6:05 AM Rob Stradling <[email protected]> wrote:
> On 02/01/2019 22:40, Wayne Thayer via dev-security-policy wrote:
> <snip>
> > Yes, the idea is that CT could remove the need to enforce intermediate
> > disclosures via policy.
>
> Hi Wayne. That seems at odds with (my understanding of) the purpose of
> the disclosure requirement.
>
> The relevant phrase in the Mozilla Root Store Policy is "publicly
> disclosed and audited". The CCADB captures audit information, whereas
> CT logs do not.
>
> How would Mozilla check that a CT-logged intermediate is covered by an
> appropriate audit, if the CA is no longer required to disclose that
> information to the CCADB?
>

That is a valid point, and combined with Ryan and Kurt's comments about option #4, seems to eliminate CT as a replacement for the intermediate disclosure requirement. I believe that our aim should be to force disclosure before an intermediate can be used successfully in Firefox, not to render an intermediate that is discovered prior to disclosure unusable.

Option #2 (immediately and permanently add undisclosed intermediates to OneCRL) also relies on discovery of the undisclosed intermediate and some mechanism for automatically loading it into OneCRL, and that makes it fragile - especially when Jacob's proposed modifications are added in to the mix.

I think Ryan's second choice of option 1 (treat non-disclosure as an incident) plus option 3 (enforce disclosure in Firefox via intermediate preloading) is the best approach to enforcing Mozilla's intermediate disclosure policy. Unless there are additional comments, I will plan to recommend that Mozilla implement option 3 once intermediate preloading has been deployed.

Thanks everyone for your input on this topic.

- Wayne

