Certificate Transparency + X.509v3 Extension


#1

Hi is there an plan to support CT via X509.3 extensions in the certificate?
So that there is no need to modify the server, i think this will make it easyer
for the users.

X.509v3 ExtensionCertificate
authorities can attach an SCT to a certificate using an X.509v3
extension. Figure 1 shows how this works. The certificate authority (CA)
submits a precertificate to the log, and the log returns an SCT. The CA
then attaches the SCT to the precertificate as an X.509v3 extension,
signs the certificate, and delivers the certificate to the server
operator.

This
method does not require any server modification, and it lets server
operators continue to manage their SSL certificates the same way they
always have


#2

By @jsha

If we provide SCTs, it would be via OCSP, definitely not by X.509v3 extension.


#3

Sorry my fault :frowning: Did not look properly.