Clearer definition of when a certificate is CT-compliant needed

[eranm@…]

The current text in the "Including the Signed Certificate Timestamp in the TLS Handshake" has a few problems, particularly:
"The SCT data corresponding to at least one certificate in the chain
from at least one log must be included in the TLS handshake..."

• The text should make a clear assertion that this is for a certificate to be considered CT-compliant.
• The 'must' should be a MUST.
• The text currently requires 'at least one certificate in the chain'. It does not require the SCTs to be for the leaf cert (although currently there's no way to indicate any of the non-embedded SCTs are for a certificate that's not the leaf certificate).

The text could be pivoted to indicate that any certificate in the chain accompanied by SCTs is considered CT-compliant.

[eranm@…]

Propose this ticket be closed (Fixed) as the term 'compliant' is now used consistently throughout the text to mean 'compliant with the RFC'.
For example, see ​https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-10#section-9.2:
"By validating SCTs, TLS clients can thus determine whether

certificates are compliant. A certificate not accompanied by a valid
SCT MUST NOT be considered compliant by TLS clients.".