On Nov 1, 2012, at 1:00 PM, Rob Stradling <rob.stradl...@comodo.com> wrote:

> If by "actively participating" you mean that the CA has embedded the CT proof 
> in the cert, then yes, there is no requirement on the bank.

That's one definition of "actively participating", but there are others, such 
as publishing a list that the auditors pick up.

> If the CA instead embeds the CT proof in OCSP Responses relating to the cert, 
> then there is no requirement on the bank apart from to use OCSP Stapling.

This confuses me. If the CA is putting the CT proof in its OCSP responses, why 
does the bank have to do anything?

> If the CA is not participating in either of these 2 ways, then there is a 
> requirement on the bank (aka the "server operator"), which may or may not be 
> rocket science, depending on your opinion.

If the CA is not participating, why should that CA be in the trust pile of 
software that relies on CT?

--Paul Hoffman
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
