On 10/3/14 11:26 AM, Stephen Kent wrote:
> I'm confused by the last sentence above. One can issue a cert at the
> same time a pre-cert is issued, but the cert does not contain the
> SCT that will be generated by the log, so the parallel issuance seems
> redundant, and I'm not sure how it helps.

This goes to the question of whether or not the serial number is knowable at the time the precertificate is constructed. I don't know much beyond that; this is based on implementation reports from an American CA.

> I'd feel more comfortable on this topic if we had the results
> of the CABF member poll I suggested. Is there any progress on
> that front?

It's underway, and so far nobody is saying that the serial number issue is a block to implementation. I'm very concerned that we have not been able to close this issue for over six months, and that while several people have raised concerns on principle nobody who's actually implementing this on the CA side has said that this is a show-stopper, or even enough of a difficulty to raise it with us. We're very open to revisiting this if there's new information.

Melinda
