<div dir="ltr"><div>Is there anyone on the relying party side of the universe that believes revocation works? Even among browsers that send OCSP requests, none of them hard-fail if it doesn't work, because in practice, OCSP servers are so awful that HTTPS would become unusable. So OCSP is still, as AGL says, a seat belt that breaks when you crash. Seems fair to call that broken.<br><br></div><div>Even if OCSP were magically to become usable, though, (or some replacement for it) this ballot would still be necessary for all the other reasons that have been discussed here.<br></div><br><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 3, 2017 at 11:34 AM, Rich Smith via Public <span dir="ltr"><<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Ryan, since you're using your age old FUD "revocation doesn't work"
(because certain browsers have chosen not to consult revocation
information) as part of the reasoning as to why this ballot is
necessary, I think it's quite germane to the discussion.<div><div class="h5"><br>
<br>
<div class="m_-8806561007297147484moz-cite-prefix">On 2/3/2017 11:38 AM, Ryan Sleevi via
Public wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 3, 2017 at 9:11 AM, Rob
Stradling <span dir="ltr"><<a href="mailto:rob.stradling@comodo.com" target="_blank">rob.stradling@comodo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ryan,
what targets (filesize/performance/reliabil<wbr>ity/reachability/etc)
would CAs need to meet before it would become viable to
reintroduce CRLs to the WebPKI (i.e., for Chrome to start
checking CRLs and hard-failing if they're unobtainable)?<br>
</blockquote>
<div><br>
</div>
<div>Happy to have that discussion at another time, but it's
not germane to the discussion at hand, as I clearly
indicated in the original message. It's necessary, but not
sufficient, to have that, and we're not presently
proposing addressing all the other necessary conditions.
Baby steps.</div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-8806561007297147484mimeAttachmentHeader"></fieldset>
<br>
</div></div><span class=""><pre>______________________________<wbr>_________________
Public mailing list
<a class="m_-8806561007297147484moz-txt-link-abbreviated" href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a>
<a class="m_-8806561007297147484moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/<wbr>listinfo/public</a>
</pre>
</span></blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/<wbr>listinfo/public</a><br>
<br></blockquote></div><br></div></div></div></div>