Have you looked into the options of not requiring CT for CAs which are constrained to a brief list of domains ? I understand this was considered in the past but couldn't find details why this was not accepted.
Named constraint by default provide the assurance as to what domains they will issue. CT becomes an additional network call in in issuance of certificate which can be prevented. Opinions ? Could you assist to forward it to the right email aliases if this isn't one? Thanks, Rashmi Jha. Azure Security Program Manager Microsoft Corporation [email protected]<mailto:[email protected]>
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
