On Mon, Mar 6, 2017 at 7:00 PM, Jeremy Rowley <[email protected]> wrote:
> Currently, the Chrome policy doesn’t permit quickly spinning up new logs
> with omitted certificates.

That's correct, and as discussed, that's open to change to address various implementation concerns. Which is my point - that this isn't necessarily one which requires a technical solution or engineering, and is more an aspect of implementation and implementation guidance.

Everything provided by RFC 6962 or RFC 6962-bis supports addressing this concern without any changes to either spec - provided that implementations (which believe such concerns are valid) can appropriately address them via other, provided-for means.

I don't think we should expend energy on specifying that unless we have reason to believe that it's impossible to implement agility for logs IF such a scenario were to happen and be seen as valid. But there's no reason to overly complicate and undermine the security properties to do so.
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
