Opened 7 years ago

Last modified 7 years ago

#31 new defect

incremental deployment and client behavior

Reported by: kent@…
Owned by: eranm@…
Priority: critical
Milestone:
Component: client-behavior
Version:
Severity: -
Keywords:
Cc:

Description

Section 3 states that a client MUST reject certificates that are not accompanied by an SCT. This mandate is incompatible with incremental deployment. The authors have indicated that incremental deployment is a goal for CT. Revise the test to specify how (TLS) clients are expected to behave in the face of incremental deployment.

Change History (4)

comment:1 Changed 7 years ago by eranm@…

(1) The current wording implies specifying client behaviour. As we do not intend to specify it, we should reword it to say that a certificate not accompanied by an SCT MUST NOT be considered CT compliant (as one of the situations the client could encounter).
(2) Then there's no mandated hard-fail and the issue around incremental deployment is moot - the client can decide when, and for which certificates, it requires CT compliance.

Bottom line: Reword to remove the hard requirement and include this situation in the list of situations a client could encounter.

comment:2 Changed 7 years ago by eranm@…

  • Owner changed from draft-ietf-trans-rfc6962-bis@… to eranm@…

comment:3 Changed 7 years ago by eranm@…

Committed as https://github.com/google/certificate-transparency-rfcs/commit/075ef0338f7d9e989a6a54027ca5c457e2586e9b
Leaving ticket open as a reminder to include this situation when listing situations a client may encounter.

comment:4 Changed 7 years ago by benl@…

  • Component changed from rfc6962-bis to client-behavior