#73: Section 3 text re log cert validation is ambiguous

Section 3 states “When a valid certificate is submitted to a log …” It later says: “Logs MUST accept certificates that are fully valid according to X.509 verification rules and are submitted with such a chain. Logs MAY accept certificates and precertificates that have expired, are not yet valid, have been revoked, or are otherwise not fully valid according to X.509 verification rules in order to accommodate quirks of CA certificate-issuing software.”

This specification for what constitutes a valid certificate is ambiguous, e.g., it fails to specify a version of the X.509 standard. I suggest citing RFC 5280 instead. Also, as noted before (ticket #??) there is no specified way for a log to advertise whether it accepts certificates that have “issues” nor to specify what deviations from X.509 (or 5280) are acceptable to a specific log.

--
Reporter:  [email protected]
Owner:     draft-ietf-trans-[email protected]
Type:      defect
Status:    new
Priority:  critical
Milestone:
Component: client-behavior
Version:
Keywords:
Severity:  -

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/73>
trans <http://tools.ietf.org/trans/>
