#4: Should we sign TBS for Certificates?
Comment (by [email protected]): Eran, don't the existing PrecertChainEntryV2/X509ChainEntry structs already hold the original submission? Can't we resolve this ticket just by changing !SignedCertificateTimestamp.signed_entry and !TimestampedEntry.signed_entry from... select(entry_type) { case x509_entry: ASN.1Cert; case precert_entry_V2: TBSCertificate; } signed_entry; ...to... select(entry_type) { case x509_entry: TBSCertificate; case precert_entry_V2: TBSCertificate; } signed_entry; I think it makes sense to retain a different struct for each !LogEntryType, rather than try to unify them. New !LogEntryType values might be defined in future that aren't unifiable with the existing two. -- ------------------------------+------------------------------ Reporter: [email protected] | Owner: [email protected] Type: defect | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Resolution: Keywords: | ------------------------------+------------------------------ Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/4#comment:4> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
