Compare commits


2 Commits

Author SHA256 Message Date
28edc9e99f V1.00.128.2025.06.03
All checks were successful
Render RFCXML to PDF. / Render RFCXML to PDF. (push) Successful in 1m8s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 19:53:06 +02:00
5ba1fa34ff V1.00.128.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 19:47:44 +02:00


@@ -32,7 +32,11 @@
<organization>Centurion Intelligence Consulting Agency <organization>Centurion Intelligence Consulting Agency
</organization> </organization>
<address> <address>
<phone>+1 (202) 992 1702</phone> <postal>
<city>Lisboa</city>
<country>PT</country>
</postal>
<phone>+1 (202) 992 1702</phone>
<email>rfc.editor@coresecret.eu</email> <email>rfc.editor@coresecret.eu</email>
<uri>https://coresecret.eu/</uri> <uri>https://coresecret.eu/</uri>
</address> </address>
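Review bot: the new `<postal>` block places the contact in Lisboa/PT, yet the `<phone>` kept on the next line is a US-format number (`+1 (202) 992 1702`); please confirm both are intended for the same contact or update one of them so the address block is internally consistent. The element order after the change (`<postal>`, `<phone>`, `<email>`, `<uri>`) matches the order RFCXML expects inside `<address>`, so no structural problem there.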
@@ -137,8 +141,8 @@
<section> <section>
<name>CATALOG approach</name> <name>CATALOG approach</name>
<t>Currently, there is no standardized, discoverable mechanism in DNS for a domain owner to declare, which <t>Currently, there is no standardized, discoverable mechanism in DNS for a domain owner to declare, which
Certificate Transparency (CT) Logs must or may record its Certificates. Certificate Transparency (CT) Logs must or may record its Certificates. As a result, CAs rely on
As a result, CAs rely on out-of-band configurations or hard-coded lists, out-of-band configurations or hard-coded lists,
increasing operational complexity and expanding the attack surface. increasing operational complexity and expanding the attack surface.
</t> </t>
<section> <section>
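Review bot: the reflow only moves the line break, but the sentence still carries a spurious comma in "declare, which Certificate Transparency (CT) Logs"; since this is a restrictive clause, drop the comma ("... for a domain owner to declare which Certificate Transparency (CT) Logs must or may record its Certificates.") while this paragraph is already being touched.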
@@ -1247,10 +1251,10 @@ https://caa-ct-sts.<domain>.<tld>/.well-known/caa-ct-sts.txt
</t> </t>
</section> </section>
<section anchor="redundancy"> <section anchor="redundancy">
<name>Policy Redundancy Considerations |𝑪| ≥ 𝑛 + 1 ∧ |𝑾| ≤ 2</name> <name>Policy Redundancy Considerations</name>
<t>Let 𝐶 be the number of critical CT-Logs and 𝑊 be the number of whitelisted (non-critical) CT-Logs, <t>Let c be the number of critical CT-Logs and w be the number of whitelisted (non-critical) CT-Logs,
then the following expression is strongly <strong>RECOMMENDED</strong>: then the following expression is strongly <strong>RECOMMENDED</strong>:
|𝑪| ≥ 𝑛 + 1 ∧ |𝑾| ≤ 2 |c| ≥ n + 1 ∧ |w| ≤ 2
</t> </t>
<t>While the "critical=true" flag in the CAA <strong>"issuect"</strong> Parameter enforces that every <t>While the "critical=true" flag in the CAA <strong>"issuect"</strong> Parameter enforces that every
Certificate issuance must be logged to all specified CT-Logs, this strict requirement can introduce Certificate issuance must be logged to all specified CT-Logs, this strict requirement can introduce
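Review bot: the notation in the rewritten `<t>` is inconsistent with its own definition: it says "Let c be the number of critical CT-Logs and w be the number of whitelisted (non-critical) CT-Logs", i.e. c and w are already counts, but the expression then applies cardinality bars, "|c| ≥ n + 1 ∧ |w| ≤ 2". Either define c and w as the sets of critical and whitelisted logs (so |c| and |w| are their sizes) or drop the bars and write "c ≥ n + 1 ∧ w ≤ 2". In both cases n is used without being introduced in this hunk; add a short definition of n (what it counts) in the same sentence. Moving the formula out of the `<name>` element is a good change, since section titles should not carry math.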
@@ -2061,7 +2065,7 @@ echo "${JSON}" | awk -v OWN="${OWN_DOMAIN}" -v CA="${CAA_DOMAIN}" -v CRIT="${CRI
improved the technical clarity and robustness of this draft. Their objective and insightful feedback has been improved the technical clarity and robustness of this draft. Their objective and insightful feedback has been
invaluable in refining the specification. invaluable in refining the specification.
</t> </t>
<contact fullname="André Horst Zimnol" initials="A. H." <contact fullname="Andre Horst Zimnol" initials="A. H."
surname="Zimnol"> surname="Zimnol">
<organization>Private Contributor</organization> <organization>Private Contributor</organization>
<address> <address>
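Review bot: changing `fullname="André Horst Zimnol"` to `fullname="Andre Horst Zimnol"` silently drops the diacritic from a contributor's name. xml2rfc v3 allows non-ASCII in `fullname` and provides `asciiFullname` for the ASCII rendering, so the usual fix is to keep `fullname="André Horst Zimnol"` and add `asciiFullname="Andre Horst Zimnol"` (assuming the "Render RFCXML to PDF" toolchain accepts that attribute on `<contact>`); if the rename was done to work around a rendering failure, please say so in the commit message.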