CT Policy Days Discussion Topics

[TLSrUS]

CT Policy Days discussion topics - from 2/16/17 call

• How many logs must be logged to by an issuing CA?

• To which logs do we have to log?

• Do different trust stores require logging to their trust stores, and to how many others must we log?

• What is the timeline for Gossip to be completed and implemented?

• If you run your own log, what are the requirements to do so?

• What are the requirements for log redaction?

• What are the costs of logging to another vendor’s CT log?

• May there be any restrictions on USG running its own CT log?

• DigiCert may offer some level of reciprocity for logging to its log. What are the conditions for this, and do any other CT logs have similar arrangements?

• Is there any intent to make use of Special Purpose Logs (https://www.certificate-transparency.org/known-logs/#TOC-Special-Purpose-Logs) to alleviate other certificate lifecycle and management burdens? I.e., use of specialized logs for: o Revoked End Entity certificates o Revoked Intermediates/Cross-certificates o Known Weak/Compromised/Massively Reused Keys

[grandamp]

With respect to the agenda item "Presentation: CT Standardization Roadmap":

Is there any intent to make use of Special Purpose Logs to alleviate other certificate lifecycle and management burdens? I.e., use of specialized logs for:

-Revoked End Entity certificates -Revoked Intermediates/Cross-certificates -Known Weak/Compromised/Massively Reused Keys -...

[TLSrUS]

CLASSIFICATION: UNCLASSIFIED

Todd:

Thanks for the suggestion - I added your question to the other CT Log questions and issues.

bd

[lachellel]

One of the breakout sessions was on threat modeling, and these three (3) topics were all discussed:

• How many logs must be logged to by an issuing CA?
  • Varies by user agent
• To which logs do we have to log?
  • varies by user agent
• Do different trust stores require logging to their trust stores, and to how many others must we log?
  • yes, varies by user agent and trust stores

Notes will be posted and available for discussion.

Related topic to threat modeling was the collusion factor - (May there be any restrictions on USG running its own CT log?):

• How many logs can a CA operator run? For example, if 5 logs are required and the CA operator runs all 5 logs - isn't this detrimental to the diversity reason?

[debcooley]

Can you tell how many CAs and Browsers are represented?

It would be nice (and I'm sure we won't be the only ones to think this) if the browsers would standardize the number of CT logs required.

Do you know why a CA would choose to run more than one log?

Deb Cooley

[techliaison]

I didn’t count how many of each are attending, but there are log operators, people trying to run log auditor/monitoring programs as well as CAs and Browsers. I believe the “Browsers” attending include Mozilla, Apple, Microsoft and of course Google/Chrome. It sounds like so far only chrome is committed to requiring CT for all TLS certs. But some of the breakout sessions today will probably be about the question of how many logs should be required, how to deal with log lifecycle (how long it takes to get to “trusted status”, what to do if the log loses that status, how long it should be expected to be trusted, etc.)

Reasons for someone to run more than 1 log – May be related to the lifecycle concerns – the trees get very large and limiting their lifetimes may help with size & performance May want to run different logs potentially for certs with different validity periods