I have a few questions and comments on this document: A general comment: What should a log do if it receives multiple submissions of the same certificate? It MUST detect and reject duplicates? SHOULD detect? What if it receives a certificate containing an embedded SCT from itself? MUST/SHOULD/MAY reject?
Section 1.1 fixes the hash algorithm as SHA-256. It makes no mention of acceptable digital signature algorithms. http://www.certificate-transparency.org/sizes indicates the thinking is ECC. Is RSA an acceptable signature algorithm? Section 2.1: Shouldn't Version be covered by the signature in a SignedCertificateTimestamp? I'd think it would be beneficial to be able to verify that the signature was intended for the same version as is claimed in the unsigned portion. Section 2.2 (minor edit): upon first read, the units of old_tree_size wasn't clear (leaf count? bytes?) The description of tree_size is explicit on the units ("number of entries"). I would appreciate it if old_tree_size had similar text. Section 2.3 (minor edit): the last bullet uses the term tree_signature, when the rest of the text uses tree_head_signature. Regards, Chris _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
