Dear David,

On Fri, Dec 4, 2015 at 4:10 AM, David Mandelberg <[email protected]> wrote:

> On 2015-11-26 10:38, Dmitry Belyavsky wrote:
>
>> Does it make sense to specify behaviour for the case when some of
>> SCTs delivered to the browser are incorrect (do not match the log key,
>> the cert, etc)?
>
> I've quoted two sentences from the draft below. I think [0] adequately
> describes what to do if some of the SCTs don't match the browser's
> metadata, and [1] described what to do if any of the SCTs match the
> metadata but fail validation. Is there another case that the draft is
> missing? Or is there a way we could make the draft more clear?
>
> [0] If no metadata for
> the log is available to the browser, the SCT is ignored.
>
> [1] If an SCT is conveyed for a TLS server in any of the ways noted
> above and it fails validation, the browser MUST consider the
> certificate for the server to be invalid and proceed accordingly.

Thank you! I missed the 2nd quote.

--
SY, Dmitry Belyavsky
