On 19/09/14 19:50, Fabrice Gautier wrote:
> Hi,
>
> Since in RFC6962, the entry type in an SCT is not explicit, one has
> to either guess or try both types in order to validate the SCTs.
>
> Does it make sense to infer the entry type from the origin of the SCT?
>
> If the SCT is embedded in a cert, it has to be a precert entry. In
> case of an SCT in the TLS handshake, I would expect in most cases it's
> an x509 entry.

For RFC6962, an SCT sent via the CT TLS extension or OCSP Stapling MUST have an entry_type of x509_entry.

> But are there any situations where having an SCT with precert entry in
> the TLS extension or OCSP response would make sense?

For 6962-bis, yes.

See http://trac.tools.ietf.org/wg/trans/trac/ticket/10

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
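
The RFC 6962 rule discussed in this thread, as an added example that is not part of the original messages: the verifier picks the entry type from the channel the SCT arrived on and rebuilds the bytes the log signature covers (RFC 6962 section 3.2). The `Origin` names and function names are hypothetical, the certificate bytes are constructed placeholders, and the 6962-bis case mentioned in the reply is not covered.

```python
import struct
from enum import Enum

# RFC 6962 section 3.1/3.2 values
X509_ENTRY, PRECERT_ENTRY = 0, 1
SCT_VERSION_V1 = 0
SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP = 0

class Origin(Enum):  # hypothetical names for the three delivery channels
    EMBEDDED = "embedded"            # SCT list extension inside the certificate
    TLS_EXTENSION = "tls_extension"  # signed_certificate_timestamp TLS extension
    OCSP_STAPLE = "ocsp_staple"      # stapled OCSP response

def entry_type_for(origin):
    """Embedded SCTs sign a precert entry; TLS/OCSP SCTs sign an x509 entry."""
    return PRECERT_ENTRY if origin is Origin.EMBEDDED else X509_ENTRY

def _opaque24(data):
    # TLS-style opaque<1..2^24-1>: 3-byte big-endian length, then the bytes
    if not 0 < len(data) < 1 << 24:
        raise ValueError("length out of range for a 24-bit vector")
    return len(data).to_bytes(3, "big") + data

def signed_input(origin, timestamp_ms, der, issuer_key_hash=None, extensions=b""):
    """Bytes covered by the SCT signature.

    der: the DER certificate for x509_entry; for precert_entry the DER
    TBSCertificate with the SCT list extension already removed (caller's job).
    """
    etype = entry_type_for(origin)
    if etype == PRECERT_ENTRY:
        if issuer_key_hash is None or len(issuer_key_hash) != 32:
            raise ValueError("precert_entry needs the 32-byte issuer key hash")
        signed_entry = issuer_key_hash + _opaque24(der)
    else:
        signed_entry = _opaque24(der)
    header = struct.pack(">BBQH", SCT_VERSION_V1,
                         SIGNATURE_TYPE_CERTIFICATE_TIMESTAMP, timestamp_ms, etype)
    return header + signed_entry + struct.pack(">H", len(extensions)) + extensions

if __name__ == "__main__":
    fake_der = b"\x30\x03\x02\x01\x01"  # constructed placeholder, not a real cert
    for origin in Origin:
        kh = b"\x11" * 32 if origin is Origin.EMBEDDED else None  # constructed hash
        print(origin.value, signed_input(origin, 1411156200000, fake_der, kh).hex())
```

The returned bytes are what gets passed, together with the SCT's signature and the log's public key, to the signature check.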
