#136: inconsistent discussion of mis-issued certs and compliance Section 12.1 contradicts text in Section 9.2. 12.1 says that a mis-issued certificate that has not been logged is not compliant, whereas 9.2 says that any certificate not accompanied by an SCT is non-complaint. The discussion of the security implications of mis-issued certificates relative to logging is more accurately described in the attack/threat model. The Security Considerations section should use text from that document when addressing most of what is discussed in 12.1, 12.2, and 12.4.
-- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: defect | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Keywords: -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/136> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
