It seems as if we've been talking about precertificate format for quite some time, without coming to resolution. Let's try to find agreement on how to handle it and close issue 26.

The ticket, with description, is here: http://trac.tools.ietf.org/wg/trans/trac/ticket/26

The fundamental problem is that because precertificates are currently encoded as X.509 structures we have the potential for two certificates to exist with the same issuer and same serial number. Because the precertificate is not usable as a TLS certificate in practice, this may not be an issue. However, it's a clear violation of section 4.1.2.2 in 5280 (and to be honest I'm a little fuzzy on its implications for CRL processing).

So, are you all comfortable with letting the X.509 representation stand, or do you have an alternative proposal?

Thanks,

Melinda
