[cabfpub] Short Lived Certificates

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Jul 27 19:28:06 UTC 2012

On 07/27/2012 09:53 PM, From Adam Langley:
> I agree that in the event that the attacker is competent enough to
> MITM with the leaked key, but dumb enough that they don't block OCSP
> lookups, revocation does protect the user.

One of the goals are to enable hard failure for cases where no OCSP 
response and no CRL could be obtained.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120727/ac36b25c/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4506 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120727/ac36b25c/attachment-0002.p7s>

More information about the Public mailing list