Melinda,
One of the questions that's come up is whether or not it's reasonable
to expect that CAs will (or can) have knowledge of a certificate's
serial number prior to issuance - it's one of the basic questions that
needs to be considered in the context of the precertificate discussions.
We'd be grateful if any CAs (particularly ones with a CT implementation
either in the works or planned) could give some feedback on that.
I've expressed concern that many of the Web PKI CAs may not be
tracking the CT work. I suggest you contact someone at the CABF and
ask them to conduct a poll of their members. I propose two questions:
1. Is anyone from your organization tracking the IETF TRANS WG?
2. Would your (Web PKI) certificate issuance process be adversely
affected if you
- generated a TBScertificate, including all the fields normally present
in certs you issue
- submit this TBScert structure to two or more third parties (over the
Internet)
- wait to receive a (newly-defined) extension value from each of these
parties
- insert the extension values into the cert and sign it, without
changing any of the
cert fields in the TBScert from step 1
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
