Eran,
I think the text in draft-dseomn-trans-browsers-00.txt addresses the topic
of what a browser can/should do re SCTs more clearly than 6962-bis,
although the browser I-D has not been updated to reflect the possibility
of an inclusion proof being sent as part of an SCT.
Also, the topic of when a server should send an inclusion proof, or when
a CA should embed a proof in an SCT in a cert, should be addressed in
I-Ds that thoroughly describe server and CA behaviors, e.g.,
draft-kseo-trans-ca-subject-00.txt.
Steve
#94: Fetching of inclusion proofs: Why and when are clients expected to do this?
Comment ([email protected]):
Regarding the original question raised in this issue:
(1) When is defined pretty clearly in
https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-11#section-9.2.
(2) Why is explained in the introduction, albeit briefly.
The distinction between a client having an SCT and a client having an
inclusion proof that was clear in RFC6962 is now less sharp, as inclusion
proofs can be directly provided to clients.
There's benefit in explaining the distinction between a client only having
seen an SCT and a client having checked inclusion by verifying an
inclusion proof; I welcome suggestions regarding the relevant section in
the RFC where this should be described.