Rietveld Code Review Tool

Unified Diff: doc/rfc6962-bis.xml

Issue 68960047: Require log submitters to verify SCTs (Closed)
Patch Set: Addressing review comments. Created 9 years, 11 months ago
Index: doc/rfc6962-bis.xml
diff --git a/doc/rfc6962-bis.xml b/doc/rfc6962-bis.xml
index b7140827eb3409b7d23405368604bf0a760faf03..eac20b81ea21a9c9b16711dac3a6cff9787fee1e 100644
--- a/doc/rfc6962-bis.xml
+++ b/doc/rfc6962-bis.xml
@@ -1098,12 +1098,15 @@ but it is expected there will be a variety.
</section>
<section title="TLS Client">
<t>
- TLS clients are not directly clients of the log, but they receive
-SCTs alongside or in server certificates. In addition to normal validation of
-the certificate and its chain, they should validate the SCT by computing the
-signature input from the SCT data as well as the certificate and verifying the
-signature, using the corresponding log's public key. Note that this document
-does not describe how clients obtain the logs' public keys.
+ TLS clients receive SCTs alongside or in server certificates. In
+addition to normal validation of the certificate and its chain, TLS clients
+SHOULD validate the SCT by computing the signature input from the SCT data as
+well as the certificate and verifying the signature, using the corresponding
+log's public key.
+ TLS clients MAY audit the corresponding log by requesting, and
+verifying, a Merkle audit proof for said certificate.
+ Note that this document does not describe how clients obtain the
+logs' public keys or URLs.
</t>
<t>
TLS clients MUST reject SCTs whose timestamp is in the future.
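Review bot: The added sentence "TLS clients MAY audit the corresponding log by requesting, and verifying, a Merkle audit proof for said certificate" does not say what the proof is verified against or what a client does when verification fails. An audit proof only means something relative to a signed tree head, so the text should name it and say where the client gets one it trusts. "said certificate" is also loose, since the proof covers the log entry the SCT refers to. The same gap applies to the new SHOULD: the paragraph gives no outcome for an SCT whose signature does not verify, while the next paragraph gives a MUST reject for future timestamps. Separately, this sentence makes TLS clients fetch from the log, and a request for one certificate's proof tells the log which certificate the client has seen, so a pointer to privacy considerations would help. Finally, the three added sentences look like separate paragraphs but sit inside one <t> element; consider giving each its own <t>.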