#23: How can TLS clients match an SCT to a certificate?
Comment (by [email protected]): One further thing discussed with Eran just now: it could be useful to define an SCT extension to self-identify that SCT as belonging to a name- constrained intermediate certificate rather than an end-entity certificate. Requiring this SCT extension to be present in such SCTs would reduce the amount of guesswork that clients need to do in order to determine which certificate the SCT belongs to. If we do this, we would need a corresponding extension for inclusion proofs, although there's currently no extensions field in InclusionProofDataV2. -- ------------------------------+--------------------------------------- Reporter: [email protected] | Owner: [email protected] Type: defect | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Resolution: Keywords: | ------------------------------+--------------------------------------- Ticket URL: <https://trac.tools.ietf.org/wg/trans/trac/ticket/23#comment:8> trans <https://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
