Re: [Trans] making progress on precertificate discussion

[Stephen Kent <kent@bbn.com>]

Melinda,

> Hi, all:
>
> Problems around precertificate contents and formats were among
> the things we first discussed when the working group was chartered,
> and here we are, still at it.  There are basically two problems
> that fall under the "precertificate" rubric: 1) whether or not
> it's possible/reasonable to include a certificate's serial number
> (as this implies that the issuer will know in advance what the
> serial number will be), and 2) encoding/representation.  There's
> a general sense that the first *seems* like it ought to be a
> problem, but we haven't had CAs stepping forward saying that
> this would prevent them from being able to implement and
> would be unacceptably onerous for them.  Instead, we're hearing
> reports of at least one major CA solving the problem by
> simultaneously issuing precertificates and certs.
I'm confused by the last sentence above. One can issue a cert at the
same time a pre-cert is issued, but the cert does not contain the
SCT that will be generated by the log, so the parallel issuance seems 
redundant,
and I'm not sure how it helps.
> Given the lack of new information and lack of new technical
> arguments, I think we need to close the serial number aspect of
> the discussion and go ahead with continuing to include it in
> precertificates.  This is the IETF and nearly any decision can
> be revisited with the introduction of new information or a new,
> compelling argument.  But in the meantime we need to move forward,
> so let's close this one and move on to trying to close the encoding
> discussion.
I'd feel more comfortable on this topic if we had the results
of the CABF member poll I suggested. Is there any progress on
that front?

Steve