On 15/03/16 13:51, Ben Laurie wrote:
Oh, also:
4. Require SCTs for all certs in the chain, which prevents hiding the
alternate intermediate.
In my experience CA certificates rarely need to be issued in a hurry, so
maybe requiring Inclusion Proofs for all CA certificates in the chain
could work.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
