Issue 91020046: RFC6962-bis: Require clients to audit logs

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 91020046: RFC6962-bis: Require clients to audit logs (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
9 years, 11 months ago by Eran

Modified:
9 years, 11 months ago

Reviewers:
Ben Laurie (Google), Rob Stradling

Visibility:
Public.

More Reviews

Description

RFC6962-bis: Require clients to audit logs. To the best of my understanding this means requiring clients to request audit proofs from the log and validate them. I've used MAY rather than MUST or SHOULD so not to force clients to communicate with the log directly. Once we have DNS-based proof lookups defined we can change that. Trac issue #3 (http://trac.tools.ietf.org/wg/trans/trac/ticket/3)

Patch Set 1 #

Total comments: 2

Created: 9 years, 11 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+7 lines, -4 lines)			Patch
	M	doc/rfc6962-bis.xml	View		1 chunk	+7 lines, -4 lines	2 comments	Download

Messages

Total messages: 4

Expand All Messages | Collapse All Messages

Rob Stradling

https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml File doc/rfc6962-bis.xml (right): https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107 doc/rfc6962-bis.xml:1107: verifying, a Merkle audit proof for said certificate. TLS ...

9 years, 11 months ago (2014-05-02 11:47:28 UTC) #2

Eran

Thanks for the quick review! https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml File doc/rfc6962-bis.xml (right): https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107 doc/rfc6962-bis.xml:1107: verifying, a Merkle audit ...

9 years, 11 months ago (2014-05-02 12:24:22 UTC) #3

Eran

9 years, 11 months ago (2014-05-08 14:31:30 UTC) #4

On 2014/05/02 12:24:22, Eran wrote:
> Thanks for the quick review!
> 
> https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml
> File doc/rfc6962-bis.xml (right):
> 
> https://codereview.appspot.com/91020046/diff/1/doc/rfc6962-bis.xml#newcode1107
> doc/rfc6962-bis.xml:1107: verifying, a Merkle audit proof for said
certificate.
> On 2014/05/02 11:47:28, Rob Stradling wrote:
> > TLS clients that request Merkle audit proofs *are* "directly clients of the
> > log".
> > 
> > How about shortening the first sentence to:
> > "TLS clients receive SCTs alongside or in server certificates."
> 
> Done.

This has actually been addressed in https://codereview.appspot.com/68960047/.
Sorry for the duplicate review, if you have any comments please add them to that
issue and I'll address them.

Expand All Messages | Collapse All Messages