[cabfpub] CT and OCSP Stapling
Rob Stradling
rob.stradling at comodo.com
Wed Oct 17 11:35:23 UTC 2012
Adam, at the New York F2F recently, you mentioned that you and Ben
didn't like the idea of embedding CT proofs in CA-provided OCSP
Responses. Your view was that this would "weaken CT". If you did
explain what you meant by this, I'm afraid I've forgotten what you said.
So...
Please would you or Ben explain exactly why you think it would "weaken CT"?
(IMHO, CT will only work if clients hard-fail on absence of a CT proof,
so it makes no difference what distribution channel is used to get a CT
proof to a client. I don't see how using the OCSP Stapling TLS
extension would be any "weaker" than using the RFC5878 TLS extension).
Thanks.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online