On 22 January 2013 21:44, =JeffH <Jeff.Hodges@xxxxxxxxxxxxxxxxx> wrote: > <snip> > >>>> 3.1. Log Entries >>>> >>>> Anyone can submit a certificate to any log. In order to enable >>>> attribution of each logged certificate to its issuer, the log SHALL >>>> publish a list of acceptable root certificates (this list might >>>> usefully be the union of root certificates trusted by major browser >>>> vendors). Each submitted certificate MUST be accompanied by all >>>> additional certificates required to verify the certificate chain up >>>> to an accepted root certificate. The root certificate itself MAY be >>>> omitted from this list. > > a question I neglected to add here is: how do log services publish their > lists of "acceptable root certificates" ? In the next version there's a URL for it.