@jsha raised this on the ct-policy mailing list , highlighting how TLS allows certificates up to 2^24 bytes (16.7 MB), while it's likely that logs may have a much smaller maximum client body size, or have implementations (e.g. MySQL) which have limits on maximum row size in some design.
Large certificates totally exist, and it should be better specified how to handle these.
@jsha raised this on the ct-policy mailing list , highlighting how TLS allows certificates up to 2^24 bytes (16.7 MB), while it's likely that logs may have a much smaller maximum client body size, or have implementations (e.g. MySQL) which have limits on maximum row size in some design.
Large certificates totally exist, and it should be better specified how to handle these.