On 3 March 2017 at 19:09, Andrew Ayer <[email protected]> wrote:

> On Fri, 3 Mar 2017 13:24:51 -0500
> Richard Barnes <[email protected]> wrote:
>
> > - A field in an SCT that indicates the canonical STH for the
> >   certificate in question. Possibly a serial number in STH that SCTs
> >   could refer to.
>
> Is this necessary? Why not define the canonical STH as the first STH
> issued after the SCT (based on timestamp)?

That doesn't work - the cert may not have been included in the log by then.

That said, not sure how Richard's proposal works, either - in general, the front-end that returns the SCT cannot know when the cert will be included, and hence cannot predict the relevant STH.

Not entirely sure I agree with the initial premise anyway.

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
