(Inspired by RFC5280 Appendix C)
Would it help to include one or more example SCTs in the text?
On 13/03/14 17:29, Phillip Hallam-Baker wrote:
I am trying to make sense of the log file encoding (section 3). this
does not seem to me to be properly or clearly specified.
RFC6962 punts the encoding question to RFC5246 but this only helps
somewhat because the description there is atrocious.
In particular it is implicit in the text that digitaly-signed is
equivalent to the ASN.1 macro. But this isn't actually explained
anywhere in section 4 of 5246. So as a result there is no information on
where the signature appears in the data stream, does it precede or
follow the signed data?
This is quite problematic because in the TLS use the signed data does
not appear on the wire at all, the construct is used in client auth when
the prior handshake is signed so there is no need to retransmit the data.
It looks to me like the idea here is that the SCT does not need to
include the certificate or precertificate data because the corresponding
signed data will always be implicit from the mode of use. But that needs
to be clearly stated.
At the moment the specification is assuming that the reader has a high
degree of familiarity with PKIX and TLS encodings and can switch gear
between them.
--
Website: http://hallambaker.com/
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
