Index: doc/rfc6962-bis.xml |
diff --git a/doc/rfc6962-bis.xml b/doc/rfc6962-bis.xml |
index b7140827eb3409b7d23405368604bf0a760faf03..eac20b81ea21a9c9b16711dac3a6cff9787fee1e 100644 |
--- a/doc/rfc6962-bis.xml |
+++ b/doc/rfc6962-bis.xml |
@@ -1098,12 +1098,15 @@ but it is expected there will be a variety. |
</section> |
<section title="TLS Client"> |
<t> |
- TLS clients are not directly clients of the log, but they receive |
-SCTs alongside or in server certificates. In addition to normal validation of |
-the certificate and its chain, they should validate the SCT by computing the |
-signature input from the SCT data as well as the certificate and verifying the |
-signature, using the corresponding log's public key. Note that this document |
-does not describe how clients obtain the logs' public keys. |
+ TLS clients receive SCTs alongside or in server certificates. In |
+addition to normal validation of the certificate and its chain, TLS clients |
+SHOULD validate the SCT by computing the signature input from the SCT data as |
+well as the certificate and verifying the signature, using the corresponding |
+log's public key. |
+ TLS clients MAY audit the corresponding log by requesting, and |
+verifying, a Merkle audit proof for said certificate. |
+ Note that this document does not describe how clients obtain the |
+logs' public keys or URLs. |
</t> |
<t> |
TLS clients MUST reject SCTs whose timestamp is in the future. |
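Review bot: the three new sentences in the rewritten `<t>` are laid out as separate paragraphs (each starts on its own indented line) but all sit inside a single `<t>` element, so xml2rfc will render them as one run-on paragraph; the MAY clause about auditing and the note about public keys and URLs should each go in their own `<t>`, matching how the following "TLS clients MUST reject SCTs whose timestamp is in the future." already stands in a separate `<t>`. The audit sentence also says the client requests and verifies a Merkle audit proof without saying what the proof is verified against; a short pointer to the log's signed tree head, or a cross-reference to the section that defines the audit proof, would make the MAY actionable, particularly since the next sentence states that the document does not cover how clients learn the log URL they would need to issue that request.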