#152: Architecture document: CT-aware TLS clients may require SCTs for all certs
(Towards the end of Page 14) Concludes that because real-time inclusion proof requests are infeasible, TLS clients are not expected to reject a certificate that has no associated SCTs. I find that conclusion surprising. I would expect the conclusion to be that TLS clients are not expected to fetch an inclusion proof in real-time during SSL connection establishment. As I understand it, it is CT's end-goal that at least some TLS clients would require presence of SCTs for all certificates. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: defect | Status: new Priority: major | Milestone: Component: client- | Version: behavior | Keywords: Severity: - | -------------------------+------------------------------------------------- Ticket URL: <https://trac.tools.ietf.org/wg/trans/trac/ticket/152> trans <https://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
