[cabfpub] Updated Certificate Transparency + ExtendedValidationplan
Rob Stradling
rob.stradling at comodo.com
Fri Mar 6 20:11:10 UTC 2015
On 06/03/15 20:05, Eddy Nigg wrote:
>
> On 03/06/2015 05:46 PM, Rob Stradling wrote:
>> (*) Unless the certificate holder's TLS server supports the RFC6962
>> signed_certificate_timestamp TLS extension or OCSP Stapling (and the
>> CA embeds SCTs into OCSP Responses). Both of these possibilities are
>> likely to be rare at the moment.
>
> The latter two are the options we are most interested in - but actually
> I'm not sure if including CT with OCSP is ready for showtime and honored
> by Chrome....who knows more about it?
Hi Eddy. It's ready for showtime.
RFC6962 says "TLS clients MUST implement all three mechanisms."
Chrome supports all three mechanisms.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list