On 22 January 2013 21:44, =JeffH
<Jeff(_dot_)Hodges(_at_)kingsmountain(_dot_)com> wrote:
<snip>
3.1. Log Entries
Anyone can submit a certificate to any log. In order to enable
attribution of each logged certificate to its issuer, the log SHALL
publish a list of acceptable root certificates (this list might
usefully be the union of root certificates trusted by major browser
vendors). Each submitted certificate MUST be accompanied by all
additional certificates required to verify the certificate chain up
to an accepted root certificate. The root certificate itself MAY be
omitted from this list.
a question I neglected to add here is: how do log services publish their
lists of "acceptable root certificates" ?
In the next version there's a URL for it.