Rob,
On 06/07/15 17:00, Stephen Kent wrote:
Rob,
Having a cert rejected does not tell the submitter (CA or otherwise)
why, and thus the submitted doesn't know how to resolve the problem.
Are the folks that work for (sloppy) CAs really incapable of reading
RFC5280 for themselves, incapable of examining their rejected certs to
discover the problem(s) for themselves, and incapable of finding a
suitable mailing list on which to ask questions if they get stuck?
I think may have misunderstood my point. I did not request that a log
return an error indicating
why a cert failed the logs checks. I asked that there be a deterministic
way for a submitter
to know whether a cert will pass. That can be accomplished in (at least)
two ways:
establish a standard set of checks that all logs perform, or establish a
way to each log to
state what set of checks it performs.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
