> > > I'm keen to hear about cases where a name-constrained intermediate cannot
> > > be used, necessitating label redaction described in 4.2.
> > Not everybody can afford the cost of doing this (i.e., pay a public CA to
> > create an intermediary for them).
> Can't the CA create the intermediate and keep it to itself in order to issue
> the end-entity certs?

That doesn't address the issue. Where can a startup, in stealth mode, go to get such a cert?

CT shouldn't require *everything* on the web to be public. Nor should it require *everything* accessible via Chrome, Safari, or other CT browser, to be public. And it should not limit privacy to those with deep pockets.

Now maybe you can argue that this is a business, not a protocol/technology issue. And I'll agree. :)

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
