#99: Clearer definition of when a certificate is CT-compliant needed

The current text in the "Including the Signed Certificate Timestamp in the TLS Handshake" has a few problems, particularly:

"The SCT data corresponding to at least one certificate in the chain from at least one log must be included in the TLS handshake..."

* The text should make a clear assertion that this is for a certificate to be considered CT-compliant.
* The 'must' should be a MUST.
* The text currently requires 'at least one certificate in the chain'. It does not require the SCTs to be for the leaf cert (although currently there's no way to indicate any of the non-embedded SCTs are for a certificate that's not the leaf certificate). The text could be pivoted to indicate that any certificate in the chain accompanied by SCTs is considered CT-compliant.

--
------------------------------+------------------------------
 Reporter:  [email protected]  |      Owner:  [email protected]
     Type:  defect             |     Status:  new
 Priority:  major              |  Milestone:
Component:  rfc6962-bis        |    Version:
 Severity:  -                  |   Keywords:
------------------------------+------------------------------

Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/99>
trans <http://tools.ietf.org/trans/>

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
