On Thu, Feb 26, 2015 at 03:37:17PM -0500, Stephen Kent wrote:
> Ben,
>
> >My argument is that over time servers will deal with SCTs automatically
> >and CAs will stop including SCTs (at least optionally) as a result.
>
> I understand your assertion, but I don't feel that you have made a strong
> case for why this specific path will become the norm.

Because it is operationally more flexible than embedding SCTs in the
certificate (rotating SCTs if logs cease operation or become untrusted), and
hence can make the TLS handshake smaller (only need to transmit the one SCT
that is trusted, rather than N SCTs in the certificate).

- Matt

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
