On 11/03/14 12:40, Phillip Hallam-Baker wrote:
<snip>
Phill, are you assuming that "<log server>" can't have a "/" in it?
If so, that's an invalid assumption.
The values of "<log server>" for the 2 CT Logs that Google are
currently operating are "ct.googleapis.com/pilot" and
"ct.googleapis.com/aviator".
Problem with that approach is that it means that each log deployment
requires server admin to create the distribution point and isn't
compatible with the .well-known convention.
https://tools.ietf.org/html/rfc5785#section-1.1 says...
"Well-Known URIs...are designed to facilitate
discovery of information on a site when it isn't practical to use
other mechanisms;"
TLS Clients such as Chrome are going to embed lists of the URIs of the
CT Logs that they trust. "Discovery" of CT Logs is not a requirement.
In other words, it _is_ practical to use other mechanisms.
Do you think log discovery will be needed for some other potential
use-case(s) for public notary transparency (that this WG might one day
be re-chartered to tackle)?
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
https://www.ietf.org/mailman/listinfo/trans