On 27/12/2018 16:43, Rob Stradling wrote:
<snip>
> Proposed text:
> https://github.com/google/certificate-transparency-rfcs/pull/305
>
> This PR takes an axe to the "Accepting Submissions" section, splitting
> it into two subsections in order to (I think) more clearly specify (1)
> what are the minimum rules for acceptable submissions and (2) what's
> left to the log's discretion.
>
> I've added text to the minimum rules subsection regarding checking the
> Basic Constraints and Key Usage extensions.
>
> I'd like to hear your thoughts about the general approach of this PR as
> well as its detail. Thanks!

Groups of logs sharded by (pre)certificate notAfter date are explicitly
permitted by the Chromium CT Log Policy [1], and this is becoming the
norm for new CT logs intended for use by the WebPKI. Whilst working on
PR 305 just now, I noticed that 6962-bis doesn't say anything about this
topic.

As a follow-on to PR 305, I think we should:

- Add optional "rangeBegin" and "rangeEnd" parameters to section 4.1
  ("Log Parameters").
- Describe the use of these optional parameters in the new
  "Discretionary Acceptance Criteria" subsection proposed by PR 305.

Any comments?

[1] https://github.com/chromium/ct-policy/blob/master/log_policy.md#permissible-logging-rejection-criteria

--
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
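
The notAfter sharding discussed in the message above, sketched as an added example (not part of the original message, and not text from 6962-bis or PR 305). The half-open interval rangeBegin <= notAfter < rangeEnd, the treatment of a missing bound as open, and the log names and dates are all assumptions made for illustration.

```python
from datetime import datetime, timezone

def utc(year, month=1, day=1):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed shard set: log names and dates are illustrative only.
SHARDS = {
    "example-log-2019": {"rangeBegin": utc(2019), "rangeEnd": utc(2020)},
    "example-log-2020": {"rangeBegin": utc(2020), "rangeEnd": utc(2021)},
    "example-log-2021": {"rangeBegin": utc(2021), "rangeEnd": utc(2022)},
}

def in_range(params, not_after):
    """Assumed semantics: rangeBegin <= notAfter < rangeEnd.

    Both parameters are optional; a missing bound leaves that side open.
    """
    begin, end = params.get("rangeBegin"), params.get("rangeEnd")
    if begin is not None and end is not None and begin >= end:
        raise ValueError("rangeBegin must be earlier than rangeEnd")
    return (begin is None or not_after >= begin) and \
           (end is None or not_after < end)

def accepting_shards(shards, not_after):
    """Names of the shards whose range admits a (pre)certificate's notAfter."""
    return sorted(n for n, p in shards.items() if in_range(p, not_after))

def coverage_problems(shards):
    """Gaps and overlaps between consecutive shards, ordered by rangeBegin.

    Expects every shard to carry both bounds. A gap means some notAfter
    dates are accepted by no shard; an overlap means two shards accept them.
    """
    ordered = sorted(shards.items(), key=lambda kv: kv[1]["rangeBegin"])
    problems = []
    for (a, pa), (b, pb) in zip(ordered, ordered[1:]):
        if pa["rangeEnd"] < pb["rangeBegin"]:
            problems.append(("gap", a, b))
        elif pa["rangeEnd"] > pb["rangeBegin"]:
            problems.append(("overlap", a, b))
    return problems
```

With a half-open interval, a certificate whose notAfter falls exactly on a shard boundary belongs to the later shard only, so adjacent shards neither both accept it nor both reject it.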