*3. Log Format and Operation*
This section contains several instances of specified, mandatory behavior
for clients, which contradicts the “client behavior is out of scope”
assertion, e.g.:
“…since certificates will not be accepted by TLS clients unless logged…”
“TLS clients MUST reject certificates that are not accompanied by an SCT
for either the end-entity certificate or for a name-constraine
intermediate the end-entity certificate chains to” (this sentence
appears to have been truncated, as well as containing a typo.)
The text also says “TLS servers MUST present an SCT from one or more
logs to the TLS client together with the certificate.” Since there is no
specified behavior for clients, I question why mandating behavior for
TLS servers is in scope.
“When encountering an SCT, an Auditor …” We’ve been told that auditing is
no longer a stand-alone function. Looking ahead, Section 5.4 appears to
be unchanged since the -03 version, when I noted that it was vacuous.
_______________________________________________
Trans mailing list
https://www.ietf.org/mailman/listinfo/trans