Rob,
Hi Stephen. That's an interesting idea, but I see a few issues.
Step 4 requires the final cert to be logged, so it's incompatible with
the name redaction mechanism.
Oops, an oversimplified description on my part. In step 4 I think one
can apply the whatever redaction mechanisms that we adopt.
Monitors want to detect misissuance (i.e. certs that have been issued
incorrectly). I'm not sure that it's reasonable to expect Monitors to
also take responsibility for detecting non-issuance of certs that
should have been issued.
The current I-D says
Monitors watch logs and check that they behave correctly.They also
watch for certificates of interest.
The non-issuance of an SCT after issuance of an SCT* for a "certificate
of interest"
would seem to be within scope, given the somewhat vague description in
the I-D.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
