On Fri, Jan 30, 2015 at 6:35 PM, Matt Palmer <[email protected]> wrote:
> On Sat, Jan 31, 2015 at 02:01:45AM +0000, Jeremy Rowley wrote:
>> Yeah - good points. We definitely don't want to see a ?.com cert logged.
>
> Actually, I'd be quite happy to see a precert for ?.com logged. It would
> make it quite clear which CA is failing to play by the rules, which is,
> after all, rather the point of CT.

Backing up quite a bit: It's clear from the examples that the level at which you can safely truncate a domain and know that you are identifying a unique organization is extremely difficult to determine. I'm sure there is a list out there, but it may change. And when it changes, old software may suddenly either accept too many certs, or too few. I'm sure people have thought about this more than I have.

Sincerely,
Watson Ladd

>
> - Matt
>
> _______________________________________________
> Trans mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/trans

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
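
The concern about a changing truncation list, as an added example that is not part of the original thread or of any CT implementation: a redaction check whose verdict depends on which suffix snapshot the software ships with. The two suffix sets, the function names and the rule "the registrable domain must stay visible" are assumptions made for illustration; `?` is the redacted-label marker used in the thread.

```python
# Added illustration. Both suffix sets are constructed snapshots,
# not copies of any real public suffix list.
OLD_SUFFIXES = {"com", "uk"}            # hypothetical older snapshot
NEW_SUFFIXES = {"com", "uk", "co.uk"}   # hypothetical newer snapshot


def public_suffix(labels, suffixes):
    """Return the longest trailing run of labels that is a known suffix."""
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            return labels[i:]
    return labels[-1:]  # unknown TLD: treat the last label as the suffix


def redaction_ok(name, suffixes):
    """Accept a redacted name only if suffix + one label is fully visible.

    Assumed policy: '?' may replace labels to the left of the registrable
    domain, never the registrable domain itself or the suffix.
    """
    labels = name.lower().rstrip(".").split(".")
    keep = len(public_suffix(labels, suffixes)) + 1
    if len(labels) < keep:
        return False  # the name is itself a bare suffix
    return "?" not in labels[-keep:]


def verdict_changes(names, old, new):
    """Map each name whose verdict differs to (old_verdict, new_verdict)."""
    changes = {}
    for name in names:
        before, after = redaction_ok(name, old), redaction_ok(name, new)
        if before != after:
            changes[name] = (before, after)
    return changes


# Constructed sample names.
SAMPLES = ["?.com", "?.example.com", "?.co.uk", "?.example.co.uk"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, redaction_ok(name, OLD_SUFFIXES),
              redaction_ok(name, NEW_SUFFIXES))
    print(verdict_changes(SAMPLES, OLD_SUFFIXES, NEW_SUFFIXES))
```

Software still carrying the older snapshot accepts `?.co.uk`, which hides the organization entirely; the same name is rejected once `co.uk` is listed as a suffix.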
