Re: LC comments on draft-laurie-pki-sunlight-05

On 22 January 2013 21:44, =JeffH 
<Jeff(_dot_)Hodges(_at_)kingsmountain(_dot_)com> wrote:

<snip>

3.1. Log Entries

   Anyone can submit a certificate to any log.  In order to enable
   attribution of each logged certificate to its issuer, the log SHALL
   publish a list of acceptable root certificates (this list might
   usefully be the union of root certificates trusted by major browser
   vendors).  Each submitted certificate MUST be accompanied by all
   additional certificates required to verify the certificate chain up
   to an accepted root certificate.  The root certificate itself MAY be
   omitted from this list.


a question I neglected to add here is: how do log services publish their
lists of "acceptable root certificates" ?


In the next version there's a URL for it.

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: Last Call: <draft-farrell-ft-03.txt> (A Fast-Track way to RFC with Running Code) to Experimental RFC, Stephen Farrell

Next by Date:

Re: LC comments on draft-laurie-pki-sunlight-05 - "acceptable root certificates" ?, Ben Laurie

Previous by Thread:

Re: LC comments on draft-laurie-pki-sunlight-05 - "acceptable root certificates" ?, =JeffH

Next by Thread:

Re: LC comments on draft-laurie-pki-sunlight-05 - "acceptable root certificates" ?, =JeffH

Indexes:

[Date] [Thread] [Top] [All Lists]