Description
Defang the CT Timebomb
A timebomb existed that if the set of known CT logs goes stale,
no certificate can comply with the Certificate Transparency
policy, because the logs may be out of date and not trustworthy. The
set of known logs goes stale 10 weeks after the build date.
While this was acceptable to cause EV certificates to downgrade to
DV certificates, this also means that certificates issued by CAs
that MUST be CT compliant also fail to work - they fail closed,
rather than fail open. In particular, certificates issued by
Symantec fail to work if it's more than 10 weeks after the build
date - in effect, the default behaviour is to distrust Symantec.
While the proper behaviour is debated - to either fail open (like
HSTS and HPKP do), treating CT as additive, or to fail closed,
treating CT as a restrictive policy that must be made - change
the code to allow an out of date build to skip the CT checks,
failing open.
BUG=664177
Committed: https://crrev.com/ec8e431e9a0f80ace76368ce7edce006f3d409f2
Cr-Commit-Position: refs/heads/master@{#431707}
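
The decision described above, sketched as an added example; it is not Chromium's code and every identifier in it is hypothetical. It assumes EV treatment still depends on demonstrated CT compliance, so a stale build downgrades EV to DV in both modes.

```cpp
// Added illustration; not Chromium source. All names are hypothetical.
#include <chrono>

using Clock = std::chrono::system_clock;
using Weeks = std::chrono::duration<long long, std::ratio<604800>>;

// The known-log list is treated as stale 10 weeks after the build date.
constexpr Weeks kLogListMaxAge{10};

enum class Outcome { kAcceptEV, kAcceptDV, kReject };

struct Cert {
  bool is_ev;           // chain validated as EV
  bool ca_requires_ct;  // issuer MUST be CT compliant
  bool has_valid_scts;  // SCTs verify against the built-in log list
};

// Constructed sample time: `w` weeks after the clock's epoch.
Clock::time_point WeekN(int w) { return Clock::time_point{} + Weeks{w}; }

bool BuildIsTimely(Clock::time_point build, Clock::time_point now) {
  return now - build <= kLogListMaxAge;
}

// fail_open=false models the behaviour before the change, true after it.
Outcome Evaluate(const Cert& c, Clock::time_point build,
                 Clock::time_point now, bool fail_open) {
  const bool timely = BuildIsTimely(build, now);
  // With a stale log list no certificate can be shown to comply.
  const bool complies = timely && c.has_valid_scts;
  if (c.ca_requires_ct && !complies) {
    // Stale build: the CT requirement is skipped only when failing open.
    if (timely || !fail_open) return Outcome::kReject;
  }
  // Assumption: EV needs demonstrated compliance in both modes.
  return (c.is_ev && complies) ? Outcome::kAcceptEV : Outcome::kAcceptDV;
}
```
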