On Thu 2016-06-16 21:48:31 -0400, Matt Palmer wrote:
> On Fri, Jun 17, 2016 at 12:51:23AM +0000, Jeremy Rowley wrote:
>> My view as well. If it's not part of this bis, you're basically saying
>> goodbye to name redaction
>
> How so? Has the IETF said they won't accept any further RFC submissions on
> redaction (or CT in general) after the publishing of 6962-bis?

Specifying it is the easy part. Figuring out a deployment story would be the hard part, especially if there are browsers (or other CT clients) in the deployed base who don't know how to deal with it.

 * Deploying only a new, redacted SCT means that the deployed base will think that your cert has not been logged.

 * Deploying a redacted SCT side-by-side with a non-redacted SCT (for the older deployed base) gives you no privacy benefit, because the non-redacted SCT is still public.

As a result, servers have no strong incentive to deploy redacted SCTs, so they probably won't deploy them. And because no servers deploy redacted SCTs, no clients will have an incentive to support them.

:(

--dkg
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
