[cabfpub] Ballot for limited exemption to RFC 5280 for CT implementation

Brian Smith brian at briansmith.org
Mon Sep 22 23:11:25 UTC 2014

On Mon, Sep 22, 2014 at 7:02 AM, Ben Laurie <benl at google.com> wrote:
> On 19 September 2014 22:41, Brian Smith <brian at briansmith.org> wrote:
>> I understand. My point is that the specification doesn't say what
>> transforms on the precert are to be done by the CA, which are to be
>> done by the log, and which are to be done by the client. It just says
>> that those transforms must be done in order to verify SCTs.
> I'm not sure I understand your point - anyone who wants to generate or
> verify an SCT must do those transforms. I think the spec is quite
> clear that you start with a precert and from it derive an SCT by
> transforming it in various ways. Certainly that's the intention - if
> you think it is unclear perhaps you could suggest a change to the
> wording (on the trans mailing list, I'd suggest)?

My point is that the RFC makes it unclear what the contents of a
precert--the thing signed by the CA and sent to the log--are in the
case a precertificate signing certificate is used. Consequently, it is
difficult to write code or a prose explanation for comparing two X.509
certificates to determine if one is a precert for the other. It is
useful to be able to describe such a comparison, because that would
allow any amendment to the BRs to be scoped appropriately, so that the
amendment doesn't end up effectively allowing CAs to issue
certificates with duplicate serial numbers in an unrestricted manner
just by saying "that's not a certificate, it's a precertificate."
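To make the comparison described above concrete, here is an added example (not from this thread or any CT implementation) that encodes one reading of RFC 6962's precert transform over a constructed, simplified model of TBSCertificate. The field names, the rule that a differing issuer means a precertificate signing certificate was used, and all sample values are assumptions of this example.

```python
from dataclasses import dataclass, replace

# Constructed model of the TBSCertificate fields relevant to the comparison
# (a real checker would parse DER); the field names are this example's own.
CT_POISON_OID = "1.3.6.1.4.1.11129.2.4.3"  # RFC 6962 precert poison extension
AKI_OID = "2.5.29.35"                       # authorityKeyIdentifier

@dataclass(frozen=True)
class TbsCert:
    serial: int
    issuer: str
    subject: str
    validity: tuple          # (notBefore, notAfter)
    spki: bytes
    extensions: dict         # OID -> (critical, value)

def precert_to_final_tbs(precert, final_issuer, final_issuer_key_id):
    """Assumed reading of the RFC 6962 transform: drop the poison extension;
    if the precert was issued via a precert signing cert, rewrite the issuer
    and (when present) the AKI to the final issuer's values."""
    poison = precert.extensions.get(CT_POISON_OID)
    if poison is None or not poison[0]:
        raise ValueError("not a precert: critical poison extension missing")
    exts = {oid: v for oid, v in precert.extensions.items() if oid != CT_POISON_OID}
    issuer = precert.issuer
    if issuer != final_issuer:  # assumption: differing issuer => signing cert was used
        issuer = final_issuer
        if AKI_OID in exts:
            exts[AKI_OID] = (exts[AKI_OID][0], final_issuer_key_id)
    return replace(precert, issuer=issuer, extensions=exts)

def is_precert_for(precert, final, final_issuer_key_id):
    """True iff `final` is the certificate that `precert` was a precert for."""
    if CT_POISON_OID in final.extensions:
        return False  # a final certificate must never carry the poison
    try:
        derived = precert_to_final_tbs(precert, final.issuer, final_issuer_key_id)
    except ValueError:
        return False
    return derived == final

# Constructed sample: a precert signed by a precert signing cert, and its final cert.
COMMON = dict(serial=0x1D2B, subject="CN=example.test",
              validity=("2014-09-22", "2015-09-22"), spki=b"constructed-spki")
PRECERT = TbsCert(issuer="CN=Example CA Precert Signing", extensions={
    CT_POISON_OID: (True, None),
    AKI_OID: (False, b"signing-cert-key-id"),
    "2.5.29.17": (False, ("DNS:example.test",))}, **COMMON)
FINAL = TbsCert(issuer="CN=Example CA", extensions={
    AKI_OID: (False, b"ca-key-id"),
    "2.5.29.17": (False, ("DNS:example.test",))}, **COMMON)
# Same serial and issuer, different subject: a real duplicate-serial certificate,
# which the check rejects instead of excusing it as "just a precertificate".
IMPOSTOR = replace(FINAL, subject="CN=other.test")
```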
