#55: Security Considerations: Describe the implications of clients *not* doing certain optional checks
Client behaviour is not mandated in RFC6962-bis - but the list of checks a client could do is specified. We should document, in the Security Considerations section, what happens if a client does not perform each (or some) of these checks. For example, the implications of not checking the validity of SCTs or not terminating a connection if there are not enough valid SCTs.

Hopefully this is an acceptable middle-ground between mandating client behaviour and not mandating it at all.

-- 
Reporter:   [email protected]
Owner:      draft-ietf-trans- [email protected]
Type:       defect
Status:     new
Priority:   major
Milestone:
Component:  rfc6962-bis
Version:
Severity:   -
Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/55>
trans <http://tools.ietf.org/trans/>
