Hi, I'd like to doublecheck that our reading of RFC6962 is correct regarding how to store a submitted root cert.
--8<---------------cut here---------------start------------->8--- 3.1. Log Entries ... "leaf_certificate" is the end-entity certificate submitted for auditing. "certificate_chain" is a chain of additional certificates required to verify the end-entity certificate. The first certificate MUST certify the end-entity certificate. Each following certificate MUST directly certify the one preceding it. The final certificate MUST be a root certificate accepted by the log. --8<---------------cut here---------------end--------------->8--- In the case of a root certificate, our implementation treats the (only) certificate as the leaf_certificate and sees certificate_chain as empty. v1/get-entries accordingly returns the cert in leaf_input and nothing in extra_data. Do you think that this is conformant with the specification? _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
