Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Further explain SCITT analogy to RFC9162 CT entities and processes #301

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Further explain SCITT analogy to RFC9162 CT entities and processes #301

wants to merge 1 commit into from

Conversation

aj-stein-nist
Copy link
Collaborator

Closes #263.

@aj-stein-nist aj-stein-nist self-assigned this Aug 7, 2024
@aj-stein-nist aj-stein-nist linked an issue Aug 7, 2024 that may be closed by this pull request
CT: Signed Certificate Timestamps are checked by Relying Parties #263
Open
@aj-stein-nist aj-stein-nist mentioned this pull request Aug 7, 2024
Open
SteveLasker
SteveLasker requested changes Sep 3, 2024
View reviewed changes
Copy link
Collaborator

@SteveLasker SteveLasker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve with minor nit on 319

draft-ietf-scitt-architecture.md
@@ -316,7 +316,7 @@ Considering CT in terms of SCITT:
- CAs (Issuers) sign the ASN.1 DER encoded tbsCertificate structure to produce an X.509 certificate (Signed Statements)
- CAs submit the certificates to one or more CT logs (Transparency Services)
- CT logs produce Signed Certificate Timestamps (Transparent Statements)
- Signed Certificate Timestamps are checked by Relying Parties
- Signed Certificate Timestamps, Signed Tree Heads, and their respective consistency proofs are checked by Relying Parties
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The arch doc doesn't discuss Signed Tree Heads. Proposing:

Suggested change
- Signed Certificate Timestamps, Signed Tree Heads, and their respective consistency proofs are checked by Relying Parties
- Signed Certificate Timestamps and their respective consistency proofs are checked by Relying Parties

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Steve, Does this mean a Transparency Service provider MUST check Signed Certificate Timestamps and their respective consistency proofs?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, @rjb4standards:

consistency proofs are checked by Relying Parties

questions if "are" is a MUST, SHOULD, COULD, or just a passive reference.

As this is the "Definition of Transparency" section, I would read this as an example and IMO, I'm ok with it not being more restrictive. For that matter, x.509 is not required, so I wouldn't take this further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rjb4standards rjb4standards rjb4standards left review comments

@SteveLasker SteveLasker SteveLasker requested changes

@henkbirkholz henkbirkholz Awaiting requested review from henkbirkholz henkbirkholz is a code owner

@ad-l ad-l Awaiting requested review from ad-l ad-l is a code owner

@fournet fournet Awaiting requested review from fournet fournet is a code owner

@yogeshbdeshpande yogeshbdeshpande Awaiting requested review from yogeshbdeshpande yogeshbdeshpande is a code owner

@JAG-UK JAG-UK Awaiting requested review from JAG-UK JAG-UK is a code owner

@OR13 OR13 Awaiting requested review from OR13 OR13 is a code owner

Assignees

@aj-stein-nist aj-stein-nist

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CT: Signed Certificate Timestamps are checked by Relying Parties
3 participants
@aj-stein-nist @rjb4standards @SteveLasker