Opened 8 years ago

Closed 8 years ago

#3 closed defect (fixed)

TLS clients should audit

Reported by: eranm@… Owned by: benl@…
Priority: major Milestone:
Component: rfc6962-bis Version:
Severity: - Keywords:
Cc: rob.stradling@…

Description

Benl: Update section 5.2 to say that TLS clients should audit.

Change History (6)

comment:2 Changed 8 years ago by rob.stradling@…

  • Cc rob.stradling@… added

TLS Clients SHOULD audit what?

STHs? SCTs? Both?

comment:3 Changed 8 years ago by eranm@…

Reading this section I've noticed that TLS clients are currently not strongly required to check the SCT (should rather than SHOULD).

Ben may have meant fetching audit paths as defined in 2.1.1., which is reasonable: If the SCT is the log's "promise" to incorporate the certificate into its tree, then fetching an audit path is the way to make sure the log kept its promise.

comment:5 Changed 8 years ago by eranm@…

I've messed up the reviews, this was addressed in:
https://codereview.appspot.com/68960047/

And was approved by Ben, so I pushed it.
Marking issue as closed, please re-open if I still haven't fully grasped the meaning of this issue.

comment:6 Changed 8 years ago by eranm@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.