Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-16 Thread Fraser Tweedale
On Wed, Jun 17, 2020 at 12:59:57AM +1000, Fraser Tweedale wrote: > Thanks for the testing notes, Christina. > > Today I set up a local test CT log server using a container image. > I plan to document more thoroughly but rough notes at [1]. > > Now to the issue I found - I have a commit[2] in a

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-16 Thread Fraser Tweedale
Thanks for the testing notes, Christina. Today I set up a local test CT log server using a container image. I plan to document more thoroughly but rough notes at [1]. Now to the issue I found - I have a commit[2] in a private branch. Hopefully the commit message and comments explain it well

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-15 Thread Christina Fu
Hi Fraser, That sounds good! I just added the following page to document my "quick test" procedure which I use during development: https://www.dogtagpki.org/wiki/PKI_10.9_Certificate_Transparency btw, the verifySCT is currently enabled, but the failure is ignored. However, you could look in the

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-11 Thread Fraser Tweedale
Hi Christina, I will find a day next week to have a close look. Probably Tuesday or Wednesday. It will help to have test environment setup documentation, i.e. how to set up a log server to test with, how to configure Dogtag, etc. If this stuff is already written then you just need to tell me

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-11 Thread Christina Fu
Hi Fraser, verifySCT still fails. I still think the fact the RFC does not require the signed object to accompany the signature presents undue challenge to the party that needs to verify the signature. Although I understand that this is v1, and the issue would not be present in v2 since there

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-02 Thread Christina Fu
Hi Fraser, Thanks for the response! Regarding the poison extension, yes I was aware that it needed to be removed so the code already had it removed. It was the order of things left inside tbsCert that I was concerned about since I used the existing delete method provided for the Extension class,

Re: [Pki-devel] Certificate Transparency SCT signature verification?

2020-06-01 Thread Fraser Tweedale
Hi Christina, Adding pki-devel@ for wider audience. Comments below. On Mon, Jun 01, 2020 at 06:28:42PM -0700, Christina Fu wrote: > Hi Fraser, > Do you know how the signature returned in the SCT response could be > verified by the CA? > My thought is that the CA should somehow verify the CT