search

alecmuffett / certificate-transparency

Automatically exported from code.google.com/p/certificate-transparency
0 stars 0 forks source link

RFC6962-bis: PreCertificates needs clrifications #18

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

The description of PreCertificates is inconsistent and in some places not 
entirely correct. 
There is a thread in the forum with discussion and specific suggestions what 
can be done in the spec.

https://groups.google.com/forum/?fromgroups#!searchin/certificate-transparency/P
reCertificates/certificate-transparency/1tWzSXKe3gQ/k7MMToUUX4UJ

Original issue reported on code.google.com by Tomasshr...@gmail.com on 18 Oct 2013 at 1:18

GoogleCodeExporter commented 9 years ago 
I realize it's might be not bullet point clear so I'll give it a try:

- PreCertificates are introduced in the spec without explaining why they are 
there, You have to read through up and down a couple of times to figure it out.
  Explain in the beginning, when introducing it, why we need a PreCertificates.
- If is claimed in the beginning that the PreCertificate is the actual 
TBSCertificate of the certificate to be signed. This is not true, since more 
stuff is added to the real certificate afterwards.
  Describe the PreCertificate as using the TBSStructure for simplicity (as it could actually be any structure).
  Describe what is the actual data that is critical in the PreCertificate, so it is clear what can be added later and what can not be.

Original comment by Tomasshr...@gmail.com on 18 Nov 2013 at 12:45

GoogleCodeExporter commented 9 years ago 
All data is critical until we decide otherwise.

Fixed at efd36db.

Original comment by benl@google.com on 19 Nov 2013 at 2:41

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision 42a6fbf5e2ca.

Original comment by benl@google.com on 19 Nov 2013 at 2:44