> (13) 4.x - how does CT impact on the TLS server cert used for > these HTTPS connections?
I presume you're afraid of some bootstrapping problem. So, let's imagine a world in which no logs exist yet, but clients insist on CT for all new certs. How do we get off the ground? Easily: the log gets a cert from a CA _without_ an embedded SCT. It then logs it (using an internal API) to get an SCT, which it serves using a TLS extension. _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
