Opened 6 years ago

Closed 5 years ago

#176 closed defect (fixed)

Remove `X509ChainEntry` and `PrecertChainEntryV2`

Reported by: rlb@…
Owned by: eranm@…
Priority: major
Milestone: review
Component: rfc6962-bis
Version:
Severity: -
Keywords:
Cc:

Description

Presenting these as types is confusing, since now you have multiple "entry"
types that the reader has to disambiguate. It also causes the get-entries
endpoint to send a bunch of duplicate data, since the TBSCertificate is
present in both the leaf_input field and the log_entry field (again,
confusing, since the log_entry isn't actually what's entered in the log!).

It would be better to treat the information in these values as metadata on the
get-entries endpoint. So you would end up with the following fields in each
get-entries.entries object:

  • leaf_input: (same as now)
  • is_precertificate: Boolean indicating whether the entry was submitted as a certificate or precert
  • chain: The CA chain with which the cert was submitted
  • sct: (same as now)

This also helps remove the confusion between "entries" (which sound like they
should be part of the log, but aren't) and "leaves" (which are).

Change History (5)

comment:1 Changed 6 years ago by rob.stradling@…

  • Component changed from client-behavior to to-be-decided

comment:2 Changed 5 years ago by eranm@…

  • Component changed from to-be-decided to rfc6962-bis

From in-person discussion with Richard, we could:
(1) Rename these structs because they’re not actually the log entries - make it clearer which structures *are* the log entries and what are the submissions that caused the log entries to be created.
(2) Match the output of get-entries to the input in add-chain, rather than TLS-encoded structs that the client has to decode, given the log itself does not store them in TLS encoding and definitely gets them as submissions in JSON.

comment:3 Changed 5 years ago by eranm@…

  • Owner changed from draft-ietf-trans-rfc6962-bis@… to eranm@…
  • Status changed from new to assigned

comment:5 Changed 5 years ago by melinda.shore@…

  • Resolution set to fixed
  • Status changed from assigned to closed