[cabfpub] Updated Certificate Transparency + ExtendedValidationplan

Rob Stradling rob.stradling at comodo.com
Fri Mar 6 20:11:10 UTC 2015

On 06/03/15 20:05, Eddy Nigg wrote:
> On 03/06/2015 05:46 PM, Rob Stradling wrote:
>> (*) Unless the certificate holder's TLS server supports the RFC6962
>> signed_certificate_timestamp TLS extension or OCSP Stapling (and the
>> CA embeds SCTs into OCSP Responses).  Both of these possibilities are
>> likely to be rare at the moment.
> The latter two are the options we are most interested in - but actually
> I'm not sure if including CT with OCSP is ready for showtime and honored
> by Chrome....who knows more about it?

Hi Eddy.  It's ready for showtime.

RFC6962 says "TLS clients MUST implement all three mechanisms."

Chrome supports all three mechanisms.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list