briansmith
commented
3 years ago - [ ] Support external SCTs. Prototype this by implementing it in terms of sct.rs.
- [ ] Parse SCTs embedded in certificates
- [ ] Valid SCTs should be required by default; there should be an option to disable this requirement. How many SCTs and what kind of diversity of logs should be required is TBD. Probably we'll copy what browsers do to the extent they agree. Feedback is appreciated on what this policy should be.