Rob,

> Steve,
>
> I would say that "...all issued certificates" does summarize the "aim"
> of the CT ecosystem pretty well: in the long run, we expect TLS
> clients to require CT compliance for all publicly trusted certs,
> meaning that interested parties have a strong incentive for all certs
> to be logged.

yes, but this RFC should focus on a more narrow, accurate
characterization, rather than using the future optimistic tense (as it
does whenever it talks about TLS clients rejecting certs w/o SCTs).

> I'm not as keen on your proposed text, TBH.
> However, I realize that the "all" in "all issued certificates" is a
> bit misleading when you consider the options for logging
> precertificates and/or name constrained intermediates in place of
> actual end-entity certs. For that reason I'd be happy to drop the
> word "all" from my proposed rework of the first sentence...

thanks.

> "Certificate transparency aims to mitigate the problem of misissued
> certificates by providing append-only logs of issued certificates."

WFM.

> BTW, is there a reason why we're now having this discussion only on
> the mailing list, rather than continuing it where it started (i.e. on
> the issue tracker, which automatically copies each message to the
> mailing list)?

no, not intentional.

Steve
_______________________________________________
Trans mailing list
https://www.ietf.org/mailman/listinfo/trans