> I'd like some elaboration on the plan for step 6, creating a whitelist of
> > valid EV certificates without an SCT. How is this going to be achieved? > > Not sure what the question is - as the doc says, the list will be > constructed from the logs... > I think I read it incorrectly as "without an embedded CT from *any* qualify logs" instead of "from all qualifying logs." Now I can see how the whitelist is created, but I'm less clear on what the intention of it is. Is the assumption that some certs will be issued with more than zero but fewer than three SCTs (proposed to the minimum acceptable in the "Qualifying Certificates" section) and you'd like to whitelist such certs during the rollout period? Also, why isn't there be a step 8 in the plan, where the whitelist is deprecated and every EV cert requires SCTs and Chrome is rejecting the EV certs without them?
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey