#127: confusing case is allowed: submission of pre-cert without embedding SCT in issued cert
Comment (by [email protected]): "The CA MAY incorporate the returned SCT in the issued certificate" is worded like that very deliberately. In addition to Adam's point, please see ticket #10. (tl;dr Name redaction relies on precertificates. We want to support name redaction when SCTs or inclusion proofs are sent via OCSP Stapling or the CT TLS extension. To do this, we need Precertificate SCTs that probably won't be embedded in certs) Let's leave this ticket open for now, and revisit it after ticket #10 has been fully addressed. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: enhancement | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Resolution: Keywords: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/127#comment:2> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
