< draft-ietf-trans-rfc6962-bis-23.txt		draft-ietf-trans-rfc6962-bis-24.txt >
	TRANS (Public Notary Transparency)		TRANS (Public Notary Transparency) B. Laurie
	Internet-Draft		Internet-Draft A. Langley
	Obsoletes: 6962 (if approved)		Obsoletes: 6962 (if approved) E. Kasper
	Intended status: Standards Track		Intended status: Standards Track E. Messeri
	Expires: June 24, 2017 Google		Expires: July 2, 2017 Google
			R. Stradling
	Comodo		Comodo
	December 21, 2016		December 29, 2016
	Certificate Transparency Version 2.0		Certificate Transparency Version 2.0
	draft-ietf-trans-rfc6962-bis-23		draft-ietf-trans-rfc6962-bis-24
	Abstract		Abstract
	This document describes version 2.0 of the Certificate Transparency		This document describes version 2.0 of the Certificate Transparency
	(CT) protocol for publicly logging the existence of Transport Layer		(CT) protocol for publicly logging the existence of Transport Layer
	Security (TLS) server certificates as they are issued or observed, in		Security (TLS) server certificates as they are issued or observed, in
	a manner that allows anyone to audit certification authority (CA)		a manner that allows anyone to audit certification authority (CA)
	activity and notice the issuance of suspect certificates as well as		activity and notice the issuance of suspect certificates as well as
	to audit the certificate logs themselves. The intent is that		to audit the certificate logs themselves. The intent is that
	eventually clients would refuse to honor certificates that do not		eventually clients would refuse to honor certificates that do not
	skipping to change at page 1, line 45 ¶		skipping to change at page 1, line 45 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on June 24, 2017.		This Internet-Draft will expire on July 2, 2017.
	Copyright Notice		Copyright Notice
	Copyright (c) 2016 IETF Trust and the persons identified as the		Copyright (c) 2016 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 8, line 37 ¶		skipping to change at page 8, line 37 ¶
	Given an ordered list of n inputs to the tree, D[n] = {d(0), ...,		Given an ordered list of n inputs to the tree, D[n] = {d(0), ...,
	d(n-1)}, the Merkle inclusion proof PATH(m, D[n]) for the (m+1)th		d(n-1)}, the Merkle inclusion proof PATH(m, D[n]) for the (m+1)th
	input d(m), 0 <= m < n, is defined as follows:		input d(m), 0 <= m < n, is defined as follows:
	The proof for the single leaf in a tree with a one-element input list		The proof for the single leaf in a tree with a one-element input list
	D[1] = {d(0)} is empty:		D[1] = {d(0)} is empty:
	PATH(0, {d(0)}) = {}		PATH(0, {d(0)}) = {}
	For n > 1, let k be the largest power of two smaller than n. The		For n > 1, let k be the largest power of two smaller than n. The
	proof for the (m+1)th element d(m) in a list of n > m elements is		proof for the (m+1)th element d(m) in a list of n > m elements is
	then defined recursively as		then defined recursively as
	PATH(m, D[n]) = PATH(m, D[0:k]) : MTH(D[k:n]) for m < k; and		PATH(m, D[n]) = PATH(m, D[0:k]) : MTH(D[k:n]) for m < k; and
	PATH(m, D[n]) = PATH(m - k, D[k:n]) : MTH(D[0:k]) for m >= k,		PATH(m, D[n]) = PATH(m - k, D[k:n]) : MTH(D[0:k]) for m >= k,
	where : is concatenation of lists and D[k1:k2] denotes the length (k2		where : is concatenation of lists and D[k1:k2] denotes the length (k2
	- k1) list {d(k1), d(k1+1),..., d(k2-1)} as before.		- k1) list {d(k1), d(k1+1),..., d(k2-1)} as before.
	skipping to change at page 9, line 42 ¶		skipping to change at page 9, line 42 ¶
	for which PROOF was requested, and the subtree Merkle Tree Hash		for which PROOF was requested, and the subtree Merkle Tree Hash
	MTH(D[0:m]) is known):		MTH(D[0:m]) is known):
	SUBPROOF(m, D[m], true) = {}		SUBPROOF(m, D[m], true) = {}
	Otherwise, the subproof for m = n is the Merkle Tree Hash committing		Otherwise, the subproof for m = n is the Merkle Tree Hash committing
	inputs D[0:m]:		inputs D[0:m]:
	SUBPROOF(m, D[m], false) = {MTH(D[m])}		SUBPROOF(m, D[m], false) = {MTH(D[m])}
	For m < n, let k be the largest power of two smaller than n. The		For m < n, let k be the largest power of two smaller than n. The
	subproof is then defined recursively.		subproof is then defined recursively.
	If m <= k, the right subtree entries D[k:n] only exist in the current		If m <= k, the right subtree entries D[k:n] only exist in the current
	tree. We prove that the left subtree entries D[0:k] are consistent		tree. We prove that the left subtree entries D[0:k] are consistent
	and add a commitment to D[k:n]:		and add a commitment to D[k:n]:
	SUBPROOF(m, D[n], b) = SUBPROOF(m, D[0:k], b) : MTH(D[k:n])		SUBPROOF(m, D[n], b) = SUBPROOF(m, D[0:k], b) : MTH(D[k:n])
	If m > k, the left subtree entries D[0:k] are identical in both		If m > k, the left subtree entries D[0:k] are identical in both
	trees. We prove that the right subtree entries D[k:n] are consistent		trees. We prove that the right subtree entries D[k:n] are consistent
	and add a commitment to D[0:k].		and add a commitment to D[0:k].
	skipping to change at page 50, line 20 ¶		skipping to change at page 50, line 20 ¶
	13. References		13. References
	13.1. Normative References		13.1. Normative References
	[HTML401] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01		[HTML401] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01
	Specification", World Wide Web Consortium Recommendation		Specification", World Wide Web Consortium Recommendation
	REC-html401-19991224, December 1999,		REC-html401-19991224, December 1999,
	<http://www.w3.org/TR/1999/REC-html401-19991224>.		<http://www.w3.org/TR/1999/REC-html401-19991224>.
	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate		[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119,		Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
	DOI 10.17487/RFC2119, March 1997,		RFC2119, March 1997,
	<http://www.rfc-editor.org/info/rfc2119>.		<http://www.rfc-editor.org/info/rfc2119>.
	[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data		[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
	Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,		Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,
	<http://www.rfc-editor.org/info/rfc4648>.		<http://www.rfc-editor.org/info/rfc4648>.
	[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security		[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
	(TLS) Protocol Version 1.2", RFC 5246,		(TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/
	DOI 10.17487/RFC5246, August 2008,		RFC5246, August 2008,
	<http://www.rfc-editor.org/info/rfc5246>.		<http://www.rfc-editor.org/info/rfc5246>.
	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,		[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
	Housley, R., and W. Polk, "Internet X.509 Public Key		Housley, R., and W. Polk, "Internet X.509 Public Key
	Infrastructure Certificate and Certificate Revocation List		Infrastructure Certificate and Certificate Revocation List
	(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,		(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
	<http://www.rfc-editor.org/info/rfc5280>.		<http://www.rfc-editor.org/info/rfc5280>.
	[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,		[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
	RFC 5652, DOI 10.17487/RFC5652, September 2009,		RFC 5652, DOI 10.17487/RFC5652, September 2009,
	<http://www.rfc-editor.org/info/rfc5652>.		<http://www.rfc-editor.org/info/rfc5652>.
	[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,		[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
	"Network Time Protocol Version 4: Protocol and Algorithms		"Network Time Protocol Version 4: Protocol and Algorithms
	Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,		Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,
	<http://www.rfc-editor.org/info/rfc5905>.		<http://www.rfc-editor.org/info/rfc5905>.
	[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS)		[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS)
	Extensions: Extension Definitions", RFC 6066,		Extensions: Extension Definitions", RFC 6066, DOI 10.17487
	DOI 10.17487/RFC6066, January 2011,		/RFC6066, January 2011,
	<http://www.rfc-editor.org/info/rfc6066>.		<http://www.rfc-editor.org/info/rfc6066>.
	[RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A.,		[RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A.,
	Galperin, S., and C. Adams, "X.509 Internet Public Key		Galperin, S., and C. Adams, "X.509 Internet Public Key
	Infrastructure Online Certificate Status Protocol - OCSP",		Infrastructure Online Certificate Status Protocol - OCSP",
	RFC 6960, DOI 10.17487/RFC6960, June 2013,		RFC 6960, DOI 10.17487/RFC6960, June 2013,
	<http://www.rfc-editor.org/info/rfc6960>.		<http://www.rfc-editor.org/info/rfc6960>.
	[RFC6961] Pettersen, Y., "The Transport Layer Security (TLS)		[RFC6961] Pettersen, Y., "The Transport Layer Security (TLS)
	Multiple Certificate Status Request Extension", RFC 6961,		Multiple Certificate Status Request Extension", RFC 6961,
	DOI 10.17487/RFC6961, June 2013,		DOI 10.17487/RFC6961, June 2013,
	<http://www.rfc-editor.org/info/rfc6961>.		<http://www.rfc-editor.org/info/rfc6961>.
	[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data		[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
	Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March		Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
	2014, <http://www.rfc-editor.org/info/rfc7159>.		2014, <http://www.rfc-editor.org/info/rfc7159>.
	[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer		[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
	Protocol (HTTP/1.1): Semantics and Content", RFC 7231,		Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI
	DOI 10.17487/RFC7231, June 2014,		10.17487/RFC7231, June 2014,
	<http://www.rfc-editor.org/info/rfc7231>.		<http://www.rfc-editor.org/info/rfc7231>.
	[RFC7633] Hallam-Baker, P., "X.509v3 Transport Layer Security (TLS)		[RFC7633] Hallam-Baker, P., "X.509v3 Transport Layer Security (TLS)
	Feature Extension", RFC 7633, DOI 10.17487/RFC7633,		Feature Extension", RFC 7633, DOI 10.17487/RFC7633,
	October 2015, <http://www.rfc-editor.org/info/rfc7633>.		October 2015, <http://www.rfc-editor.org/info/rfc7633>.
	[RFC7924] Santesson, S. and H. Tschofenig, "Transport Layer Security		[RFC7924] Santesson, S. and H. Tschofenig, "Transport Layer Security
	(TLS) Cached Information Extension", RFC 7924,		(TLS) Cached Information Extension", RFC 7924, DOI
	DOI 10.17487/RFC7924, July 2016,		10.17487/RFC7924, July 2016,
	<http://www.rfc-editor.org/info/rfc7924>.		<http://www.rfc-editor.org/info/rfc7924>.
	[RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,		[RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
	"PKCS #1: RSA Cryptography Specifications Version 2.2",		"PKCS #1: RSA Cryptography Specifications Version 2.2",
	RFC 8017, DOI 10.17487/RFC8017, November 2016,		RFC 8017, DOI 10.17487/RFC8017, November 2016,
	<http://www.rfc-editor.org/info/rfc8017>.		<http://www.rfc-editor.org/info/rfc8017>.
	13.2. Informative References		13.2. Informative References
	[Chromium.Log.Policy]		[Chromium.Log.Policy]
	The Chromium Projects, "Chromium Certificate Transparency		The Chromium Projects, "Chromium Certificate Transparency
	Log Policy", 2014, <http://www.chromium.org/Home/chromium-		Log Policy", 2014, <http://www.chromium.org/Home/
	security/certificate-transparency/log-policy>.		chromium-security/certificate-transparency/log-policy>.
	[Chromium.Policy]		[Chromium.Policy]
	The Chromium Projects, "Chromium Certificate		The Chromium Projects, "Chromium Certificate
	Transparency", 2014, <http://www.chromium.org/Home/		Transparency", 2014, <http://www.chromium.org/Home/
	chromium-security/certificate-transparency>.		chromium-security/certificate-transparency>.
	[CrosbyWallach]		[CrosbyWallach]
	Crosby, S. and D. Wallach, "Efficient Data Structures for		Crosby, S. and D. Wallach, "Efficient Data Structures for
	Tamper-Evident Logging", Proceedings of the 18th USENIX		Tamper-Evident Logging", Proceedings of the 18th USENIX
	Security Symposium, Montreal, August 2009,		Security Symposium, Montreal, August 2009,
End of changes. 12 change blocks.
	23 lines changed or deleted		23 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/