Rob,
Having a cert rejected does not tell the submitter (CA or otherwise)
why, and
thus the submitted doesn't know how to resolve the problem.
Steve
On 06/07/15 16:06, Stephen Kent wrote:
If there is no standard for the validation checks logs perform, because
of a desire to accept malformed certs from (sloppy) CAs, then a CA
cannot
know whether its submission will be rejected by a log.
Huh? Why can't the (potentially sloppy) CA call add-chain (or
add-pre-chain) and see what happens?
Either the log will return an SCT (in which case it accepted the
submission), or it won't (in which case it rejected the submission).
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
