On 6 July 2015 at 16:06, Stephen Kent <[email protected]> wrote:
> If there is no standard for the validation checks logs perform, because of a
> desire to accept malformed certs from (sloppy) CAs, then a CA cannot know
> whether its submission will be rejected by a log.

If a CA wants to be sure in advance (why?) that a log will accept its certs, then it should conform with the relevant standards.

> The alternative is to specify a way for each log to specify what checks it
> performs, and to publish that the same way other log info is advertised.
>
> Steve
>
>> #73: Section 3 text re log cert validation is ambiguous
>>
>> Comment (by [email protected]):
>>
>> On the issue of specifying deviations, I am not sure how that could
>> realistically be done. For example, our logs will permit whatever
>> deviations OpenSSL permits. I don't think anyone knows precisely what
>> those are, and I'm prepared to bet they vary between versions.
>>
>> Even leaving that aside, experience suggests we have to permit deviations
>> in order to admit incorrect certificates that are accepted by browsers. I
>> don't think we can anticipate what all of those are.
>
> _______________________________________________
> Trans mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/trans
