[cabfpub] Ballot for limited exemption to RFC 5280 for CTimplementation

Ben Laurie benl at google.com
Mon Sep 22 14:02:34 UTC 2014

On 19 September 2014 22:41, Brian Smith <brian at briansmith.org> wrote:
> I understand. My point is that the specification doesn't say what
> transforms on the precert are to be done by the CA, which are to be
> done by the log, and which are to be done by the client. It just says
> that those transforms must be done in order to verify SCTs.

I'm not sure I understand your point - anyone who wants to generate or
verify an SCT must do those transforms. I think the spec is quite
clear that you start with a precert and from it derive an SCT by
transforming it in various ways. Certainly that's the intention - if
you think it is unclear perhaps you could suggest a change to the
wording (on the trans mailing list, I'd suggest)?

More information about the Public mailing list