<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-2"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>True – short lived certs are typically not EV certs, but, as pointed out, the eventual plan is for all certs. We might as well make it uniform now. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Anyone use a short-lived cert must be able to easily replace existing certificates. That, combined with the relatively low number of certificates, minimalizes the risk of a site going dark because of a compromised log. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Jeremy<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>michal.proszkiewicz@unizeto.pl<br><b>Sent:</b> Wednesday, February 05, 2014 9:20 AM<br><b>To:</b> agl@chromium.org<br><b>Cc:</b> therightkey@ietf.org; public-bounces@cabforum.org; certificate-transparency@googlegroups.com; public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><br><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>If we are talking about EV certificates then probably there are not many that are valid for a 1 month.</span> <br><br><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>It may be the case for other types of certificates. For example CERTUM issue trusted test SSL certificates valid for 30 days (standard DV verification procedures and DV certificate profile).</span> <br><br><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>From the other hand we give our customer possibility to manually shorten validity period to one day if they like (for every certificate type).</span> <br><br><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>-Michał</span> <br><br><br><o:p></o:p></p><table class=MsoNormalTable border=0 cellpadding=0 width="100%" style='width:100.0%'><tr><td width="40%" valign=top style='width:40.0%;padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><b><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Adam Langley <<a href="mailto:agl@chromium.org">agl@chromium.org</a>></span></b><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'> </span><br><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Wysłane przez: <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a></span> <o:p></o:p></p><p><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>2014-02-05 16:40</span> <o:p></o:p></p></td><td width="59%" valign=top style='width:59.0%;padding:.75pt .75pt .75pt .75pt'><table class=MsoNormalTable border=0 cellpadding=0 width="100%" style='width:100.0%'><tr><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=right style='text-align:right'><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Do</span><o:p></o:p></p></td><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>certificate-transparency <<a href="mailto:certificate-transparency@googlegroups.com">certificate-transparency@googlegroups.com</a>></span> <o:p></o:p></p></td></tr><tr><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=right style='text-align:right'><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>DW</span><o:p></o:p></p></td><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>"<a href="mailto:therightkey@ietf.org">therightkey@ietf.org</a>" <<a href="mailto:therightkey@ietf.org">therightkey@ietf.org</a>>, CABFPub <<a href="mailto:public@cabforum.org">public@cabforum.org</a>></span> <o:p></o:p></p></td></tr><tr><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal align=right style='text-align:right'><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Temat</span><o:p></o:p></p></td><td valign=top style='padding:.75pt .75pt .75pt .75pt'><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan</span><o:p></o:p></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellpadding=0><tr><td valign=top style='padding:.75pt .75pt .75pt .75pt'></td><td valign=top style='padding:.75pt .75pt .75pt .75pt'></td></tr></table></td></tr></table><p class=MsoNormal><br><br><br><tt><span style='font-size:10.0pt'>On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <<a href="mailto:rob.stradling@comodo.com">rob.stradling@comodo.com</a>> wrote:</span></tt><span style='font-size:10.0pt;font-family:"Courier New"'><br><tt>> Also, what happened to the idea of only requiring 1 SCT for a 1-month cert?</tt><br><br><tt>I'm to blame for that.</tt><br><br><tt>Certificates with a single SCT put a lower bound on how quickly we can</tt><br><tt>distrust a log (at least without special measures, such as shipping</tt><br><tt>the whole, public log hashes to all the clients, which is probably</tt><br><tt>impractical.) Since I'm not aware of any CAs issuing one month certs,</tt><br><tt>and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that</tt><br><tt>should be dropped.</tt><br><br><br><tt>Cheers</tt><br><br><tt>AGL</tt><br><tt>_______________________________________________</tt><br><tt>Public mailing list</tt><br><tt><a href="mailto:Public@cabforum.org">Public@cabforum.org</a></tt><br></span><a href="https://cabforum.org/mailman/listinfo/public"><tt><span style='font-size:10.0pt'>https://cabforum.org/mailman/listinfo/public</span></tt><span style='font-size:10.0pt;font-family:"Courier New"'><br></span></a><o:p></o:p></p></div></body></html>