Embed SCT receipts in certificates
ETA: February, 2018
對 Embed SCT 不熟，所以查了查這個功能。
What is an SCT?
An SCT is a signed certificate timestamp. When a certificate authority or a server operator submits a certificate to a log, the log responds with an SCT. An SCT is essentially a promise that the log server will add the certificate to the log in a specific time. The time, known as the maximum merge delay (MMD), helps ensure that certificates are added to logs in a reasonable time. The SCT accompanies the certificate until the certificate is revoked. A TLS server must present the SCT to a TLS client (along with the SSL certificate) during the TLS handshake.
當使用 ECC 時會小於 100 bytes：
How big is an SCT?
SCTs are less than 100 bytes, assuming elliptic curve signatures are used.
不過我記得 CT server 可以自己架自己 submit 不是嗎？後來有另外規定一定要用第三方的嗎？這樣又很怪...