Ben,

Can you clarify something? The SCT delivery options described in the RFC are options for the web site owner, not for the CA. CAs will need to support all three options. We will have customers who won’t do stapling and can’t handle TLS extensions, so they just want the SCTs embedded in the cert. But not all customers will prefer that option. I believe other customers will want the SCT-in-the-OCSP-response or TLS extension option, because in those options you don’t have to transmit the SCTs in every SSL handshake. I suspect some of our large customers who are obsessed with performance will demand one of these options.

So CAs will need to support all three options, unless you’re so small a CA that your few EV customers agree on one option. Is that your expectation?

-Rick

> -----Original Message-----
> From: therightkey [mailto:therightkey-boun...@ietf.org] On Behalf Of
> Ben Laurie
> Sent: Tuesday, February 04, 2014 9:08 AM
> To: CABFPub; certificate-transpare...@googlegroups.com;
> therightkey@ietf.org
> Subject: [therightkey] Updated Certificate Transparency + Extended
> Validation plan
>
> Enclosed, our revised plan.
>
> Comments welcome.