[cabfpub] FW: Short lived OCSP signing certificate
Rich Smith
richard.smith at comodo.com
Thu Sep 20 15:51:43 UTC 2012
I’d like to hear from the browsers on this. IMO if they are not going to change the behavior to hard fail on expiration then there is really no point in even continuing to discuss short lived certs as a solution to the revocation problem.
-Rich
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, September 20, 2012 6:30 AM
To: public at cabforum.org >> "public at cabforum.org"
Subject: Re: [cabfpub] FW: Short lived OCSP signing certificate
On 09/20/2012 11:48 AM, From Rob Stradling:
Do you think browsers should block access to sites that use expired certs (in the same way that they block access to sites that use revoked certs)?
I think so - with the possibility for admins to override it. But that shouldn't the casual "Please click me through" thing...
Regards
Signer:
Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP:
startcom at startcom.org
Blog:
Join the Revolution! <http://blog.startcom.org>
Twitter:
Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120920/7dbe4e2c/attachment-0004.html>
More information about the Public
mailing list