(→Logging Reveals Commercially Sensitive Information: Added threat of revealing new services) |
(→Logging Reveals Commercially Sensitive Information: Added bullets) |
||
Line 45: | Line 45: | ||
=== Logging Reveals Commercially Sensitive Information === | === Logging Reveals Commercially Sensitive Information === | ||
Manufacturers using IoT certificates won't want to show the number of devices they have shipped, and redaction may help keep this information private. | * Manufacturers using IoT certificates won't want to show the number of devices they have shipped, and redaction may help keep this information private. | ||
* Competitors scanning CT logs could infer new product/service offerings prior to their public release. | |||
Competitors scanning CT logs could infer new product/service offerings prior to their public release. | |||
===== Response ===== | ===== Response ===== | ||
How? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged. | * How? even if we grant for the sake of discussion that counting certificates is a good way of determining how many devices are shipped, redaction won't change the number of certificates logged. | ||
* Wildcard certificates would suffice for new unreleased services even when being tested publicly. Those could be replaced with fully-qualified certificates (including EV if desired) when the service is announced. | |||
Wildcard certificates would suffice for new unreleased services even when being tested publicly. Those could be replaced with fully-qualified certificates (including EV if desired) when the service is announced. | |||
=== Logging Reveals Personally Identifiable Information === | === Logging Reveals Personally Identifiable Information === |
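Review bot: In the Response list, the first bullet still reads "How? even if we grant ..." with a lowercase "even" after the question mark; since this revision rewrites that line to add the bullet, capitalise it or merge it into a single sentence. The responses are also matched to the threats only by position (first bullet answers device counts, second answers unreleased services), so naming the threat each response addresses would keep the pairing intact when more bullets are inserted. The wildcard response should also state what remains visible: the wildcard certificate is still logged with its parent domain, so it hides only the host label of the new service.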