I realized, after I sent my reply, that Santosh's point wrt path validation
is important. I believe Ben indicated that he did not envision logs
performing all of the 5280 checks, just verifying the signatures in the
path. So, I misspoke when I noted that 6962-bis already called for path
checking; it calls for it, but only in a very superficial way.

Thus we need to decide if we believe that a sig-only check on a path is
consistent with the CABF guidelines. I don't think it is. The Definitions
section of the CABF guidelines includes the following entry:

    Valid Certificate: A Certificate that passes the validation
    procedure specified in RFC 5280.

Steve