On Fri, Nov 4, 2016 at 6:33 AM, Ben Laurie <[email protected]> wrote:
>
> The bit you didn't quote does say that the log has to accept valid
> certs, tho: "Logs MUST accept certificates and precertificates that
> are fully valid according to RFC 5280 [RFC5280] verification rules and
> are submitted with such a chain."
Sorry about that. So the three MUSTs together are:

- Logs MUST verify that each submitted certificate or precertificate has a valid signature chain to an accepted trust anchor, using the chain of intermediate CA certificates provided by the submitter.
- Logs MUST reject submissions without a valid signature chain to an accepted trust anchor.
- Logs MUST accept certificates and precertificates that are fully valid according to RFC 5280 verification rules and are submitted with such a chain.

When I read these together, I read that Logs must accept _any_ certificate that is fully valid according to RFC 5280 verification rules and chains to any root the log trusts, and logs must _only_ log such certificates (and no others).

If this is accurate, we need to account for all types of certificates being logged, as a log cannot choose to reject certificates for usages other than server authentication and the log cannot reject certificates that have personal information (e.g. a server authentication certificate that states which human requested the certificate in the subject).

This seems like a very strong assertion of policy rather than a technical discussion of how the CT protocol works. I would again ask the WG to reconsider the requirement levels specified in this section.

Thanks,
Peter

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
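As an added illustration, not part of the thread and not code from any CT log, here is the reading of the three MUSTs above expressed as a log's submission-acceptance check in Go: a submission is accepted exactly when the leaf chains to an accepted root through the intermediates the submitter supplied, and nothing else (EKU, subject contents) is consulted. All certificate names are constructed; the check relies on Go's crypto/x509 Verify, whose default EKU filter is server authentication and therefore has to be widened to ExtKeyUsageAny for precisely the reason given in the message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// acceptSubmission applies the three MUSTs as read in the thread: accept iff the leaf chains to an
// accepted root via the submitter-supplied intermediates. EKU and subject contents are not consulted.
func acceptSubmission(leaf *x509.Certificate, submitted, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: submitted,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // Go defaults to server auth; a log may not
	})
	return err
}
// mkCert issues a constructed test certificate; parent == nil yields a self-signed root.
func mkCert(cn string, isCA bool, eku []x509.ExtKeyUsage, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, ExtKeyUsage: eku,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// demo returns (clientAuthAccepted, missingChainRejected) for two constructed submissions.
func demo() (bool, bool) {
	root, rootKey := mkCert("Test Log Root (constructed)", true, nil, nil, nil)
	interCA, interKey := mkCert("Test Intermediate (constructed)", true, nil, root, rootKey)
	// Client-auth cert whose subject names a person: RFC 5280-valid, so the log must accept it.
	leaf, _ := mkCert("Jane Doe (constructed)", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, interCA, interKey)
	roots, submitted := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	submitted.AddCert(interCA)
	return acceptSubmission(leaf, submitted, roots) == nil,
		acceptSubmission(leaf, x509.NewCertPool(), roots) != nil // same cert, chain omitted: rejected
}
```

The second call shows the flip side of the first MUST: the log builds the path only from what the submitter provided, so the same valid certificate is refused when its intermediate is left out.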
