Opened 7 years ago

Closed 7 years ago

#35 closed defect (fixed)

server SCT transmission restriction is misstated

Reported by: kent@… Owned by: draft-ietf-trans-rfc6962-bis@…
Priority: minor Milestone:
Component: rfc6962-bis Version:
Severity: - Keywords:
Cc:

Description

Section 3.4.1 explains how a client notifies a server that the client is CT-enabled. The text here says “Servers MUST only send SCTs to clients who have indicated support for the extension in the ClientHello?, in which case the SCTs are sent by setting the "extension_data" to a "SignedCertificateTimestampList?".” This restriction makes sense ONLY iof the SCT is transmitted as part of the TLS handshake, not if it is embedded in a cert or is part of an OCSP response.

Change History (1)

comment:1 Changed 7 years ago by benl@…

  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.