[cabfpub] Certificate Transparency and Name Redaction

Ryan Sleevi sleevi at google.com
Thu Mar 31 19:27:01 MST 2016


I've started a thread on Chromium's Certificate Transparency mailing list
about potential policies for Chromium-based browsers related to the
redacting names in certificates.

As we've discussed in the Forum, there's a delicate balance to be struck
between the need to publicly disclose publicly trusted certificates, as
they potentially affect the entire TLS ecosystem, with the needs of domain
holders - both those who would prefer the secrecy of their domain labels,
and those who would prefer that none of their domain labels are redacted.

On behalf of the Chrome team here at Google, we would love feedback from
CAs, their customers, browsers, and other interested parties on finding an
appropriate policy to balance these concerns. To that end, feedback on the
thread, available at
https://groups.google.com/a/chromium.org/d/msg/ct-policy/vsTzv8oNcws/g96TSYPjCAAJ
, would be greatly appreciated.

Because these policies are specific to Chrome at present, we'd appreciate
discussion on the above list, rather than here, much in the same way that
discussions of Mozilla's, Apple's, and Microsoft's policies happen within
the context of their respective organizations, email aliases, and mailing
lists.

Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160331/345703c6/attachment.html 


More information about the Public mailing list