On Mon, Mar 6, 2017 at 4:22 PM, Ben Laurie <[email protected]> wrote: > I think you can waste a lot of brainpower on redaction, but really the > answer is: if you don't want to publish your names, then don't use a > mechanism that requires you to. There are alternatives: name-constrained > sub-CAs. Private CAs. You can even have private CT to go along with them. > Why mess up a protocol whose intent is to show everything? >
Ben: Name-constrained sub-CAs have not been accepted by Chrome as a redaction mechanism. They were moved to the redaction spec precisely because they are a variation of redaction.
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
