Bonjour, It seems there's no constraint on the order of extensions in the final certificate regarding to the Precert. Won't it be problematic if the browser wants to validate the SCT signatures by constructing the Precert from the final certificate? Where should a CA add the poisonous extension? And the future "redactedlabels" extension (it has no name)?
-- Erwann.
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
