[cabfpub] FW: Short lived OCSP signing certificate
Gervase Markham
gerv at mozilla.org
Mon Sep 17 14:43:15 UTC 2012
Hi Mads,
On 17/09/12 14:40, Mads Egil Henriksveen wrote:
> *C: Short lived certificates*
...
> The application could deal with short lived SSL-certificates in a
> standard way, i.e. discard expired certificates. However, I assume that
> browsers to not support short lived Subscriber certificates properly at
> the moment (?).
Why assume that? Short-lived certificates are just the same,
technically, as normal certificates which have nearly reached their
expiry date. Why would browsers not support them properly?
One advantage of C over B is that it requires no infrastructure changes.
Gerv
More information about the Public
mailing list