#131: missing guidance for TLS servers to select logs [https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-10#section-7 Section 7] advises servers to send SCTs from more than one log, to minimize the chance that a client will find an SCT from one log to be unacceptable. However, (as [http://www.ietf.org/mail- archive/web/trans/current/msg01662.html Matt Palmer mentioned on the list]) there is no guidance on how a server is to select logs to maximize this likelihood. For example, the server is not advised to Audit the log(s) it has selected to determine if any have been compromised or have ceased operation. Also, a cited concern is that a log may not be known to a client, yet there is no discussion of how a server learns which logs are know to its clients (or to most clients). So, for example, you could RECOMMEND that servers examine the set of logs that browser vendors make available as a basis for such decisions.
-- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: enhancement | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Keywords: -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/131> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
