#94: Fetching of inclusion proofs: Why and when are clients expected to do this?
The introduction implies that clients asynchronously check for inclusion proofs. A rough suggestion by Steve Kent: "If clients check for the presence of SCTs, this is a good start because gives them some confidence the certificate is logged if the log is behaving. They can gain additional confidence by demanding an inclusion proof. We recognise it puts additional burden on clients" We should also point out that a client directly contacting the log to request an inclusion proof discloses private information to the log (the website the client has visited) and so other, indirect methods of contacting the log may be required. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: defect | Status: new Priority: major | Milestone: Component: client- | Version: behavior | Keywords: Severity: - | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/94> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
