Ø There's already been a fairly extensive discussion on this, perhaps still
not resolved. But my position continues to be that the TLS client needs to know
various things about the log - public key, URL, MMD. I don't see the problem in
those things being communicated in a data structure (e.g. in JSON).
.. and crypto mechanisms being used. At IMHO, this is not resolved.
Ø Indeed we will shortly be defining such a structure for Chrome's valid logs.
Whether this should form part of the RFC is up to the WG.
Yes, at least there. I think the structure should be embedded in the log’s
root, for simplicity of deployment evolution, and aiding after-the-fact
auditing.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]<mailto:[email protected]>; Twitter: RichSalz
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
