On 19 November 2012 13:20, Carl Wallace <[email protected]> wrote: > On 11/19/12 8:08 AM, "Ben Laurie" <[email protected]> wrote: >>> In any case, I have a hard time seeing why you would reject certificates >>> signed by a public CA (or any other CA that is covered by the log). CA >>> operators and legitimate domain owners should be interested in these and >>> the signature check ought to be good enough for spam prevention unless >>> things are more broken than is commonly reported. >> >>We would not reject them. Why do you think we would? > > A misunderstanding I hope. If you are saying that browsers/observers > can/would submit certificates that chain through a CA covered by the log > then I have no issue. If (as I had come to think) the log is fed during > issuance, then I think a significant part of the potential value is lost.
Anyone can submit to the log. The log (at least our log!) will accept any certificate chained through a public CA. > Part of the problem in tracking this right now is the TBD in section 3 of > the draft. I'll refrain from further comment until that text is present, > since that should clarify things. I will at least outline what will be in the messages soon. _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
