On 11 September 2014 12:27, Ben Laurie <[email protected]> wrote:
> On 11 September 2014 12:17, Rob Stradling <[email protected]> wrote:
>> On 11/09/14 11:56, Eran Messeri wrote:
>>>
>>> The poison extension is removed from the Precertificate prior to the log
>>> producing an SCT over it, so a client never has to know about it. What
>>> the TLS client has to do is to remove the "embedded SCTs" extension
>>> from the certificate prior to validating the signature.
>>
>> Ditto for the future "redactedlabels" extension.
>
> That one appears in the cert, too, doesn't it?
Sorry, ignore that, it is in the cert but not the precert (though that
seems like an arbitrary decision to me).
>
>>
>>> On Thu, Sep 11, 2014 at 11:40 AM, Erwann Abalea <[email protected]> wrote:
>>>
>>> Hello,
>>>
>>> It seems there's no constraint on the order of extensions in the
>>> final certificate with regard to the Precert.
>>> Won't it be problematic if the browser wants to validate the SCT
>>> signatures by constructing the Precert from the final certificate?
>>> Where should a CA add the poisonous extension? And the future
>>> "redactedlabels" extension (it has no name)?
>>>
>>> --
>>> Erwann.
>>>
>>> _______________________________________________
>>> Trans mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/trans
>>
>> --
>> Rob Stradling
>> Senior Research & Development Scientist
>> COMODO - Creating Trust Online
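The reconstruction discussed in this thread, as an added example that is not part of the original messages or of any CT implementation: it works on an Extensions SEQUENCE only (not a full TBSCertificate) and shows that stripping the poison or embedded-SCT extension reproduces the logged bytes only when the remaining extensions keep the same order. The helper names and all extension values are constructed for illustration; the two OIDs are the ones assigned in RFC 6962.

```python
# Added example: stdlib-only DER handling; every sample extension value is constructed.
SCT_LIST_OID = bytes.fromhex("060a2b06010401d679020402")  # 1.3.6.1.4.1.11129.2.4.2
POISON_OID = bytes.fromhex("060a2b06010401d679020403")    # 1.3.6.1.4.1.11129.2.4.3

def tlv(tag, value):
    """DER-encode one tag/length/value triple (short or long length form)."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV that starts at buf[pos]."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:  # long form: low 7 bits give the width of the length field
        width = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + width], "big"), pos + width
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def extension(oid_der, value, critical=False):
    """Build one Extension: SEQUENCE { OID, [BOOLEAN TRUE], OCTET STRING }."""
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, oid_der + crit + tlv(0x04, value))

def strip_extension(extensions_der, oid_der):
    """Re-encode an Extensions SEQUENCE without oid_der, keeping the others in order."""
    tag, body, end = read_tlv(extensions_der, 0)
    if tag != 0x30 or end != len(extensions_der):
        raise ValueError("expected a single Extensions SEQUENCE")
    kept, pos = b"", 0
    while pos < len(body):
        start = pos
        _, ext, pos = read_tlv(body, pos)
        if not ext.startswith(oid_der):  # full OID TLV, so no prefix confusion
            kept += body[start:pos]
    return tlv(0x30, kept)

# Constructed extensions: basicConstraints, subjectAltName, poison, a 200-byte SCT list.
BC = extension(bytes.fromhex("0603551d13"), tlv(0x30, b""), critical=True)
SAN = extension(bytes.fromhex("0603551d11"), b"constructed-san")
POISON = extension(POISON_OID, tlv(0x05, b""), critical=True)
SCTS = extension(SCT_LIST_OID, b"\x00" * 200)
LOGGED = tlv(0x30, BC + SAN)  # extensions as covered by the SCT signature here

def reconstruct_matches(final_extensions_der):
    """True if removing the embedded SCT list yields exactly the logged bytes."""
    return strip_extension(final_extensions_der, SCT_LIST_OID) == LOGGED
```

A final certificate encoded as `BC, SCTS, SAN` reconstructs to the logged bytes, while `SAN, BC, SCTS` does not, so a signature check over the reconstructed data would fail for the reordered one.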
