Clarify signature checking purpose and mechanism

[benl@…]

Signatures on submissions are checked to mitigate spam. Make this clear, and perhaps specify a currently-ok set of minimal checks.

[eranm@…]

Comments from trans wg meeting at IETF 90:
Steve Kent: A minimal set of checks is not sufficient. We should specify "the" set of checks. Allowing additional checks beyond a minimal subset leads to variation which you don't want.
Ben Laurie: Sounds reasonable.
Leif Johanson: What about if someone with a valid certificate tries to put it in after someone has already put in an invalid certificate.
Ben Laurie: Inclusion in the log doesn't say anything about the validity. The only check is to ensure that the signature chains to a valid CA.
Daniel Kahl Gilmore: From an auditing perspecive, would rather have a bad certificate in the log so we can find it.

Suggestion:
document the exact set of checks that the log does, which is signature validations on the chain.

[eranm@…]

(1) The "Informal Introduction" section explains why checking signatures over the chain is necessary.
(2) We've proposed language to clarify which certificates must be accepted by logs (logs may accept additional certificates but that is not required or guaranteed).

Out for review:
​https://github.com/google/certificate-transparency-rfcs/pull/14

[eranm@…]

Committed as ​https://github.com/google/certificate-transparency-rfcs/commit/88c7bf44d6a5d81204276a637a1dd0a49c70b8b4