Open tsellers-r7 opened 6 years ago
The intent is to remove the descriptive introduction and leave the normative about CT Qualified.
The subsequent paragraph contains:
In order to improve the security of the Certificate Authority (CA) ecosystem, Google Chrome may require that certificates be considered CT Qualified in order to be recognized as trusted.
For example, Chrome requires this of all certificates issued after April 2018.
CC’ing @devonobrien in case he isn’t subscribed to all alerts.
The post is correct and is matched by enforcement in the Chromium codebase.
We have some drafted language updates to the policy that covers this as well as other outdated references in the policy. We'll throw up a PR and discuss on ct-policy@chromium.org soon.
Thanks for responding. I think Devon's email was pretty clear. I was referencing his email as well as this policy internally and wanted to make sure that my understanding was correct (All publicly trusted certs issued after April 2018 must be in CT) and that the policy document in this repo was the appropriate place to point folks to.
This post by Devon O'Brien states that:
Reference: https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
That post links to the policy in this repository which mentions the CT requirement for EV, doesn't not mention the DV and OV certificates.
Reference: https://github.com/chromium/ct-policy/blob/master/ct_policy.md
Should this be updated or do I misunderstand the new requirements.
CC: @sleevi