Rob,
I'm glad we agree that rejecting a cert is protocol behavior, not just a
UI issue.
We can't assume that incremental deployment will ever be "complete."
I've been
told by one major browser vendor that they like the logging and Monitor
aspects
of CT, but do not see browser behavior as a critical element. Thus they do
not plan to make their browsers reject certs (maybe not even
discriminate) based
on the lack of an SCT.
Given the history of browser behavior wrt cert revocation status
checking, this
is not a surprising perspective.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
