You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since January 2015, Chrome has required that Extended Validation (EV) certificates be CT-compliant in order to receive EV status. In April 2018, this requirement will be extended to all newly-issued publicly-trusted certificates - DV, OV, and EV - and certificates failing to comply with this policy will not be recognized as trusted when evaluated by Chrome. Certificates issued from locally-trusted or enterprise CAs that are added by users or administrators are not subject to this requirement.
The intent is to remove the descriptive introduction and leave the normative about CT Qualified.
The subsequent paragraph contains:
In order to improve the security of the Certificate Authority (CA) ecosystem, Google Chrome may require that certificates be considered CT Qualified in order to be recognized as trusted.
For example, Chrome requires this of all certificates issued after April 2018.
The post is correct and is matched by enforcement in the Chromium codebase.
We have some drafted language updates to the policy that covers this as well as other outdated references in the policy. We'll throw up a PR and discuss on ct-policy@chromium.org soon.
Thanks for responding. I think Devon's email was pretty clear. I was referencing his email as well as this policy internally and wanted to make sure that my understanding was correct (All publicly trusted certs issued after April 2018 must be in CT) and that the policy document in this repo was the appropriate place to point folks to.
This post by Devon O'Brien states that:
Reference: https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
That post links to the policy in this repository which mentions the CT requirement for EV, doesn't not mention the DV and OV certificates.
Reference: https://github.com/chromium/ct-policy/blob/master/ct_policy.md
Should this be updated or do I misunderstand the new requirements.
CC: @sleevi
The text was updated successfully, but these errors were encountered: