Regarding Issue #1: http://tools.ietf.org/wg/trans/trac/ticket/1# "Need options for avoiding logging private subdomains", I think the design is not yet complete.
I understand how this works when my customer has chosen the precert delivery option (I mask the second level domain in the precert that I send with the add-pre-chain command). But if my customer has chosen to deliver SCTs via OCSP staple or TLS extension, and they want to keep their subdomain private, what do I do? I'm going to sign the cert without SCTs in it, but if I log it via an add-chain command, the subdomains will be visible in the log. -Rick
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
