[cabfpub] FW: Short lived OCSP signing certificate

Gervase Markham gerv at mozilla.org
Mon Sep 17 14:43:15 UTC 2012

Hi Mads,

On 17/09/12 14:40, Mads Egil Henriksveen wrote:
> *C: Short lived certificates*


> The application could deal with short lived SSL-certificates in a
> standard way, i.e. discard expired certificates. However, I assume that
> browsers to not support short lived Subscriber certificates properly at
> the moment (?).

Why assume that? Short-lived certificates are just the same, 
technically, as normal certificates which have nearly reached their 
expiry date. Why would browsers not support them properly?

One advantage of C over B is that it requires no infrastructure changes.


More information about the Public mailing list