On Tue, 19 Apr 2022 20:56:25 -0600 Ben Wilson <[email protected]> wrote:
> Hi Rob and Andrew, > > "Corresponding certificate" seems to work, but are you OK with this > for the first bullet? > > " * if a corresponding certificate cannot be verified as matching a > precertificate using the algorithms in RFC 6962, then two distinct > corresponding certificates are presumed to exist, and it is > misissuance if the two corresponding certificates have the same > serial number and issuer, even if only one corresponding certificate > actually exists;" I don't think "corresponding certificate" works here because only one of the corresponding certificates actually corresponds to an extant precertificate. I think we should stick with "final certificate" and add a simple definition: A certificate that is not a precertificate [RFC 6962]. Regards, Andrew -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20220420100032.41525cac6a9f68ad7b68aaa6%40andrewayer.name.
