Opened 7 years ago

#66 new defect

revise the description of what logs MAY do re cert syntax checking

Reported by: kent@…
Owned by: draft-ietf-trans-rfc6962-bis@…
Priority: major
Milestone:
Component: client-behavior
Version:
Severity: -
Keywords:


The current text does not specify log behavior wrt cert syntax checking. The MAY here is vague and thus does not allow a Submitter to know what checks any log will or will not perform on submitted certs. Steve Kent's proposed definition of a certificate type field to submissions and SCTs would provide a cleaner way to deal with this, i.e., logs that do perform syntactic checks can do so and the result of the checks can be expressed in the SCT. A log operator could describe the set of syntactic checks that it performs (if it is not the same as DV or EV or other, published specs), and register them using the IANA mechanism I noted. Finally, just as a log advertises the set of CA certificates that it accepts as trust anchors, it could advertise the set of certificate types it accepts in submitted certificates, thus making submitters aware of what will and will not be checked.


