Opened 6 years ago

Closed 5 years ago

#177 closed defect (fixed)

Instructions for constructing leaf hash from cert + SCT

Reported by: rlb@… Owned by: draft-ietf-trans-rfc6962-bis@…
Priority: major Milestone: review
Component: rfc6962-bis Version:
Severity: - Keywords:


In the current specification, the client requests inclusion proofs / STHs using
the get-proof-by-hash / get-all-by-hash endpoints. That means the client
has to provide a hash of the following struct:


opaque TBSCertificate<1..224-1>;

struct {

uint64 timestamp;
opaque issuer_key_hash<32..28-1>;
TBSCertificate tbs_certificate;
SctExtension? sct_extensions<0..2

} TimestampedCertificateEntryDataV2;


Constructing this struct seems complicated enough (e.g., since it involves some
surgery on both a cert and an SCT) that it would be helpful to provide some
instructions on how the client is supposed to do it.

Change History (4)

comment:1 Changed 6 years ago by rob.stradling@…

  • Component changed from client-behavior to to-be-decided

comment:2 Changed 5 years ago by eranm@…

  • Component changed from to-be-decided to rfc6962-bis

Seems like a good idea - I support that.

comment:4 Changed 5 years ago by melinda.shore@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.