- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 26 Sep 2017 15:10:29 +1000
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Mike Bishop <Michael.Bishop@microsoft.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>, Erik Nygren <erik@nygren.org>

On Tue, Sep 26, 2017 at 12:09 PM, Mark Nottingham <mnot@mnot.net> wrote:
> """
> As a result, clients opting not to consult DNS ought to employ some alternative means to establish a high degree of confidence that the certificate is legitimate. For example, clients might skip consulting DNS only if they receive proof of inclusion in a Certificate Transparency log {{?RFC6929}} or they have a recent OCSP response {{?RFC6960}} (possibly using the "status_request" TLS extension {{?RFC6066}}) showing that the certificate was not revoked.
> """
>
> Does that work for everyone?

I think that you caught the important pieces. They really did overlap almost perfectly.

Received on Tuesday, 26 September 2017 05:10:53 UTC