Precertificate is a capitalized term across the TLS BR document but it is not a defined term

[CBonnell]

          Precertificate is a capitalized term across the TLS BR document but it is not a defined term.

Originally posted by @mschambach in #563 (comment)

[github-actions]

This issue was created based on:

• TLS BR Version 2.1.1
• EVG Version 2.0.1

[XolphinMartijn]

Do we want to take the first sentence from section 7.1.2.9 for this, and add the poison extension bit to it??

Precertificate: A Precertificate is a signed data structure that can be submitted to a Certificate Transparency log, as defined by RFC 6962 and containing a critical poison extension (OID 1.3.6.1.4.1.11129.2.4.3).

[mschambach]

I like it. Thanks Marco S. TrustID Program Manager From: Martijn Katerbarg ***@***.***> Sent: Friday, December 6, 2024 8:57 AM To: cabforum/servercert ***@***.***> Cc: Marco Schambach ***@***.***>; Mention ***@***.***> Subject: [External]Re: [cabforum/servercert] Precertificate is a capitalized term across the TLS BR document but it is not a defined term (Issue #564) Do we want to take the first sentence from section 7.1.2.9 for this, and add the poison extension bit to it?? Precertificate: A Precertificate is a signed data structure that can be submitted to a Certificate Transparency log, as defined by RFC 6962 <https://tools.ietf.org/doc/html/rfc6962> and containing a critical poison extension (OID 1.3.6.1.4.1.11129.2.4.3). — Reply to this email directly, view it on GitHub <#564 (comment)> , or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIQ6DCOYCHU35T5LWPXWCKD2EGUMBAVCNFSM6AAAAABTAWQK5KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKMRTGMYDQOJSGM> . You are receiving this because you were mentioned. <https://github.com/notifications/beacon/AIQ6DCMGOPKE6DTEHXOO47L2EGUMBA5CNFSM6AAAAABTAWQK5KWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTUWM2RXW.gif> Message ID: ***@***.*** ***@***.***> >

[CBonnell]

Perhaps a nit, but I would change "a" to "the" in "a critical poison extension" so it's abundantly clear there is only one extension type that qualifies as the poison extension:

Precertificate: A Precertificate is a signed data structure that can be submitted to a Certificate Transparency log, as defined by RFC 6962 and containing the critical poison extension (OID 1.3.6.1.4.1.11129.2.4.3).