Opened 7 years ago

Closed 7 years ago

#42 closed defect (fixed)

redacted cert dangers

Reported by: kent@…
Owned by: draft-ietf-trans-rfc6962-bis@…
Priority: blocker
Milestone:
Component: rfc6962-bis
Version:
Severity: -
Keywords:
Cc:

Description

Section 7.3 alludes to the dangers of accepting an SCT for a redacted (CA) cert. But it fails to provide details on what constitutes an "over-redacted" cert (vs. examples) and thus the warning here does not seem to be implementable by (TLS) clients.

Change History (4)

comment:1 Changed 7 years ago by eranm@…

Overly redacted: (Looking only at the labels in the Precertificate) Where the entirety of the domain space below the unredacted part of the domain name is not owned or controlled by a single entity.
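
The definition in comment:1, as an added example that is not part of the ticket or of the 6962-bis text: a Python check a client could run on a DNS name taken from a Precertificate. It assumes redacted labels are written as `?` and uses a small constructed set in place of a real public-suffix list; `SHARED_SUFFIXES`, `unredacted_part` and `is_overly_redacted` are hypothetical names.

```python
# Added illustration; not code from the ticket or from RFC 6962-bis.

# Constructed stand-in for a real public-suffix list (assumption): names
# under which unrelated parties can register domains.
SHARED_SUFFIXES = {"com", "org", "uk", "co.uk"}

REDACTED = "?"  # assumed marker for a redacted label


def unredacted_part(name):
    """Return the labels to the right of the last redacted label,
    or None if the name contains no redacted label."""
    labels = name.lower().rstrip(".").split(".")
    if REDACTED not in labels:
        return None
    # Position of the right-most "?"; everything after it is unredacted.
    last = len(labels) - 1 - labels[::-1].index(REDACTED)
    return labels[last + 1:]


def is_overly_redacted(name, shared_suffixes=SHARED_SUFFIXES):
    """True when the domain space below the unredacted part is not
    owned or controlled by a single entity (per the shared-suffix set)."""
    rest = unredacted_part(name)
    if rest is None:
        return False  # nothing redacted, so the definition does not apply
    # Either no label is left unredacted, or what is left is a suffix
    # shared by many registrants.
    return not rest or ".".join(rest) in shared_suffixes


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ["?.com", "?.co.uk", "?.?.example.com",
                   "?.example.?.com", "www.example.com"]:
        print(sample, is_overly_redacted(sample))
```
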

comment:2 Changed 7 years ago by eranm@…

This is out for review here: https://github.com/google/certificate-transparency-rfcs/pull/10
We solicit feedback on the terminology used to describe domain names and how to describe such names that contain wildcards deemed too broad.

comment:3 Changed 7 years ago by benl@…

As previously decided, we will not specify client behaviour in 6962-bis.

comment:4 Changed 7 years ago by benl@…

  • Resolution set to fixed
  • Status changed from new to closed