On Mon, 20 Oct 2014, Linus Nordberg wrote:
as individual without chair hat...
Logs MUST verify that the submitted end-entity certificate or
My intention was to make the specification less restrictive by changing
Logs MAY accept certificates that have
expired, are not yet valid, have been revoked, or are otherwise not
fully valid according to X.509 verification rules in order to
accommodate quirks of CA certificate-issuing software.
That seems to bring up the topic a bit too broadly I think? How about:
Logs MUST protect themselves against spam. They MAY require a
fully validated X.509 certification chain to one of their configured
trusted root CAs.
That leaves out the discussion for other checks, that may or may not go
into a separate section or document.
Paul
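
The two proposals in this message can be combined in one acceptance check: always require a chain to a configured root (the anti-spam requirement), and optionally tolerate a leaf that is outside its validity period. This is an added example, not code from the thread or from any CT log implementation; the function names (`issue`, `ChainsToRoot`, `Demo`) and the certificates are constructed for illustration, and revocation is not checked at all.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate valid from fromY to toY years relative to now; a nil parent yields a self-signed root.
func issue(cn string, fromY, toY int, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().AddDate(fromY, 0, 0), NotAfter: time.Now().AddDate(toY, 0, 0),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// ChainsToRoot always requires a signature chain to a configured root; lenient mode only neutralises the leaf's validity period.
func ChainsToRoot(leaf *x509.Certificate, roots *x509.CertPool, lenient bool) bool {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if lenient {
		opts.CurrentTime = leaf.NotAfter // assumption: evaluate at an instant when the leaf itself was valid
	}
	_, err := leaf.Verify(opts)
	return err == nil
}

// Demo checks an expired leaf under the trusted root (strict, then lenient) and an expired leaf under an unknown root.
func Demo() (strict, lenient, rogue bool) {
	root, rk := issue("constructed trusted root", -10, 10, nil, nil)
	other, ok := issue("constructed unknown root", -10, 10, nil, nil)
	expired, _ := issue("expired.example", -2, -1, root, rk)
	spam, _ := issue("spam.example", -2, -1, other, ok)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return ChainsToRoot(expired, pool, false), ChainsToRoot(expired, pool, true), ChainsToRoot(spam, pool, true)
}
func main() { fmt.Println(Demo()) }
```

Lenient mode still rejects the leaf if the root was not valid at the leaf's `NotAfter` instant, since Go applies the same time to every certificate in the chain.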