#150: Architecture document: Indicate missing SCT is equivalent to invalid one
Comment (by [email protected]): I don't think it appropriate to treat missing and invalid SCTs as equivalent. An invalid SCT violates the spec for SCT syntax or has a bad signature, and thus is a justification for rejecting a cert. We do not have a proposal for how to be backwards compatible and yet mandate SCTs for all web server sites, so we ought not treat a missing SCT as equivalent. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-trans-threat- [email protected] | [email protected] Type: enhancement | Status: new Priority: major | Milestone: Component: threat- | Version: analysis | Resolution: Severity: - | Keywords: | -------------------------+------------------------------------------------- Ticket URL: <https://trac.tools.ietf.org/wg/trans/trac/ticket/150#comment:1> trans <https://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
