[cabfpub] [therightkey] Updated Certificate Transparency + Extended Validation plan

Ben Laurie benl at google.com
Wed Feb 5 12:44:36 UTC 2014


On 5 February 2014 01:47, Wayne Thayer <wthayer at godaddy.com> wrote:
> I'm somewhat confused by the following two points:
>
>>>5. By July 2014 all EV certificates with validity periods beyond [July
>>>2014] should be logged in
> at least [one] qualifying log (see below).
>>>6. On 1 Jan 2015 Chrome will create a whitelist of valid EV certificates
>>>already issued without
> an embedded SCT [issued by CAs participating in CT] from all qualifying
> logs.
>
> If EV certificates issued prior to 1 Jan 2015 will be whitelisted, what is
> the purpose of point #5?

Sorry, this wasn't particularly clear. By "logged in a qualifying log"
we meant also that the certificate should include an appropriate
number of SCTs. The whitelist _may_ not include certificates issued
after July 2014.



More information about the Public mailing list