Ben,
...
What is the "it" to which you refer? A different pre-cert model?
Yes.
Thanks for the clarification.
..
The protocol, as currently specified in 6962-bis, does not seem compatible
with incremental deployment, yet it also does not state that a flag day is
required. For example, if a TLS client MUST reject a cert with an accompanying
SCT, how does this work in an incremental deployment scenario?
I think you mean "without an accompanying SCT". And yes, that's a fair
point, there would need to be a period when that requirement was
relaxed.
Yes, I meant "without." Glad to see we agree that the doc will need to explain
how to deal with incremental deployment, and thus the "MUST have an SCT" is too
simple to deal with this deployment scenario.
..
A discussion of what Google is implementing, based on an Experimental RFC,
ought not be construed as relevant to what a standards track RFC will mandate.
Or, are you saying that Google feels that browser vendors, CAs and log
operators will be reluctant to deploy a standard that deviates in significant
ways from the Experimental protocol?
No, I mentioned it only because it appears to be a point of confusion.
Thanks for the clarification. So long as the folks (other than Google)
deploying 6962 don't object to the fact that 6962-bis may have a number of
differences, OK.
Steve
_______________________________________________
Trans mailing list
https://www.ietf.org/mailman/listinfo/trans