On 2015-04-14 01:15, Peter Kurrasch wrote:
Let's use an example. Suppose CNNIC issues a cert for whitehouse[dot]gov and
let's further suppose that CNNIC includes this cert in the CT data since they
have agreed to do that. What happens next?
What I've been wondering about is whether we need a mechanism where the
CT log should approve the transition from one issuer to an other.
I image something like:
Issuer A: issue subject
Issuer B: Intend to issue subject
Issuer A: Allow migration to Issuer B of subject
Issuer B: issue subject
If we want go to with something like that, we probably need to think
about how this would work with multiple SANs and not migrating all of
them and things like that.
(This is probably more a discussion for the CT list, feel free to bring
it up there.)
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
