(Update with the counter-arguments provided against this approach in the past) |
(→Response: Add note about the problems of already discovered CA misissuances and why sublabels are important) |
Line 88: | Line 88: | ||
How much visibility and accountability would be lost by redaction? Redaction would hide a few domain labels in the CN and SANs, but every other DN field and every other extension would be present, allowing monitors to detect nearly all the BR-noncompliance they detect today. | How much visibility and accountability would be lost by redaction? Redaction would hide a few domain labels in the CN and SANs, but every other DN field and every other extension would be present, allowing monitors to detect nearly all the BR-noncompliance they detect today. | ||
===== Problems ===== | |||
Assessing the risk of misissuance would be significantly complicated. Consider if a single redacted certificate for '(redacted).example.com', it would not be possible to independently assess whether this is a potentially misissued certificate for 'www.example.com' (in which case, the 'example.com' owner may be proactively contacted) or whether it's a sign of an upcoming product release. | |||
For those who believe wildcards are detrimental due to enabling phishing, redaction would introduce a similar method, in the form of '(redacted).example.com' being suitable for login-phishing-page.example.com | |||
For compliance with RFC 5280, a number of CAs were detected to be improperly validating hostnames, allowing situations such as spaces or invalid characters. These would not be possible to detect with redaction. | |||
=== Redaction Reduces Visibility and Accountability to Domain Owners === | === Redaction Reduces Visibility and Accountability to Domain Owners === |
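Review bot: The first added paragraph under "Problems" has an incomplete conditional: "Consider if a single redacted certificate for '(redacted).example.com', it would not be possible..." has no verb in the "if" clause. Suggest "Consider a single redacted certificate for '(redacted).example.com': it would not be possible to independently assess...". In the RFC 5280 paragraph, "These would not be possible to detect with redaction" should be scoped to spaces or invalid characters that fall inside the redacted labels, because the unchanged paragraph directly above says redaction hides only a few domain labels and that monitors can still detect nearly all BR-noncompliance; without that qualifier the two paragraphs read as contradicting each other. The phishing paragraph is missing its closing period, and the example hostname login-phishing-page.example.com should be quoted the same way as the other hostnames in the section.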