Hello all,

I wanted to let folks on the alias know that development of the Certificate Transparency feature for JSSE is now under way.  I've posted the JEP here:

https://bugs.openjdk.java.net/browse/JDK-8171275

The design is in the early stages and there are a number of things that are TBD at this point.  Some of the big ones:

 * How the client will consume and store log information
 * How we deal with the thresholds for pass/fail validity checks on
   SCTs collected during the handshake
 * Assuming the server will support providing SCTs in the TLS
   extension, where it will consume and store the serialized SCTs.

There are a few others.  At this point I've got the consumption of SCTs in the handshake by the client working for X.509 certs and TLS extensions, and the OCSP stapling method is in progress.

The JEP will be updated in the weeks to come as the open design elements are addressed.

Thanks,

--Jamil
