Hello Ben,
On Tue, Apr 8, 2014 at 6:21 PM, Ben Laurie <[email protected]> wrote:

> On 8 April 2014 15:18, Salz, Rich <[email protected]> wrote:
> >> > I do not understand why metadata is more secure than the data itself.
> >>
> >> It is created by a different authority.
> >
> > ? Is this in the part of the RFC that is still TBD?
>
> The RFC describes how logs work and how clients work. It does not
> describe how clients decide what logs they are prepared to accept. I
> am not sure it should.
>
> But whoever does also decides whether the algorithms in use by the
> logs are acceptable and tells the client what those algorithms are
> (along with other things, like the log's key, base URL and MMD).

I think that the client should be able to find out the algorithm used by the log because it can't be changed during the log lifetime. And if the RFC specifies the URIs for certificate submit, it seems to me that it's reasonable to specify the URI for finding out the algorithm.

But I prefer to leave out of band of the protocol only the data that can't be passed using it.

Thank you!

--
SY, Dmitry Belyavsky
