Comments (3)
pphaneuf
commented on May 3, 2024
RFC6962 Section 3.3 says:
"...or by using Online Certificate Status
Protocol (OCSP) Stapling (also known as the "Certificate Status
Request" TLS extension; see [RFC6066]), where the response includes
an OCSP extension with OID 1.3.6.1.4.1.11129.2.4.5..."
"OCSP extension" is ambiguous here. An RFC2560/6960 "Basic" OCSP Response can contain status information for 1 or more certificates. For each certificate, there is an optional "singleExtensions" list of extensions. And at the very end of the Response, there is an optional "responseExtensions" list of extensions.
Since each SCT relates to precisely one certificate, I think that "singleExtensions" is the right place to put the .2.4.5 extension.
To avoid interop issues, could RFC6962-bis clarify this?
(It's very common for an OCSP Response to only include status for 1 certificate, so some implementers might put the .2.4.5 extension in "responseExtensions" without even considering the alternative).
from certificate-transparency.
pphaneuf
commented on May 3, 2024
That seems like a good idea.
from certificate-transparency.
pphaneuf
commented on May 3, 2024
Clarified in
https://code.google.com/p/certificate-transparency/source/detail?r=2f68eabeefdd81dabb2ff6dc58fd006e2b11a4d6
from certificate-transparency.
Related Issues (20)
- Add Python client to PyPI HOT 1
- how to create or develop load balancer ct HOT 1
- "Failed to determine suitable serving STH." when starting new mirror HOT 2
- Can anyone help me step by step to manage certificate transparency
- certificate-transparency does not build with protobuf 3.7.0
- Using instructions in README fails to build HOT 2
- Requirements for installing with python3 can't be fullfilled HOT 2
- Integrating with OSS-Fuzz
- Invalid schema expectation in print_log_list HOT 1
- Google should provide log_list.json in it's various derived formats HOT 1
- Request: Google OSS contributions to CT enable Wget and libCurl
- Wrong certificate transparency log log_list.json was served from cache HOT 8
- A Error when i am try build. HOT 3
- [email protected]
- https://bugs.chromium.org/p/chromium/issues/entry?template=Security%20Bug
- Certificate HOT 1
- Certificate HOT 1
- Python for Data Science
- Automated suggesting for certicate
- Sex
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certificate-transparency.