On 11/19/12 8:08 AM, "Ben Laurie" <[email protected]> wrote:

>> In any case, I have a hard time seeing why you would reject certificates
>> signed by a public CA (or any other CA that is covered by the log). CA
>> operators and legitimate domain owners should be interested in these and
>> the signature check ought to be good enough for spam prevention unless
>> things are more broken than is commonly reported.
>
>We would not reject them. Why do you think we would?

A misunderstanding I hope. If you are saying that browsers/observers can/would submit certificates that chain through a CA covered by the log then I have no issue. If (as I had come to think) the log is fed during issuance, then I think a significant part of the potential value is lost.

Part of the problem in tracking this right now is the TBD in section 3 of the draft. I'll refrain from further comment until that text is present, since that should clarify things.

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
