Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(92)

Issue 91020046: RFC6962-bis: Require clients to audit logs (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
7 years, 8 months ago by Eran
Modified:
7 years, 8 months ago
Visibility:
Public.

Description

RFC6962-bis: Require clients to audit logs. To the best of my understanding this means requiring clients to request audit proofs from the log and validate them. I've used MAY rather than MUST or SHOULD so not to force clients to communicate with the log directly. Once we have DNS-based proof lookups defined we can change that. Trac issue #3 (http://trac.tools.ietf.org/wg/trans/trac/ticket/3)

Patch Set 1 #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+7 lines, -4 lines) Patch
M doc/rfc6962-bis.xml View 1 chunk +7 lines, -4 lines 2 comments Download

Messages

Total messages: 4
Eran
7 years, 8 months ago (2014-05-02 11:21:43 UTC) #1
Rob Stradling
https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml File doc/rfc6962-bis.xml (right): https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107 doc/rfc6962-bis.xml:1107: verifying, a Merkle audit proof for said certificate. TLS ...
7 years, 8 months ago (2014-05-02 11:47:28 UTC) #2
Eran
Thanks for the quick review! https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml File doc/rfc6962-bis.xml (right): https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107 doc/rfc6962-bis.xml:1107: verifying, a Merkle audit ...
7 years, 8 months ago (2014-05-02 12:24:22 UTC) #3
Eran
7 years, 8 months ago (2014-05-08 14:31:30 UTC) #4
On 2014/05/02 12:24:22, Eran wrote:
> Thanks for the quick review!
> 
> https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml
> File doc/rfc6962-bis.xml (right):
> 
> https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107
> doc/rfc6962-bis.xml:1107: verifying, a Merkle audit proof for said
certificate.
> On 2014/05/02 11:47:28, Rob Stradling wrote:
> > TLS clients that request Merkle audit proofs *are* "directly clients of the
> > log".
> > 
> > How about shortening the first sentence to:
> > "TLS clients receive SCTs alongside or in server certificates."
> 
> Done.

This has actually been addressed in https://codereview.appspot.com/68960047/.
Sorry for the duplicate review, if you have any comments please add them to that
issue and I'll address them.
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b