[cabfpub] FW: Short lived OCSP signing certificate

Rich Smith richard.smith at comodo.com
Thu Sep 20 15:51:43 UTC 2012

I’d like to hear from the browsers on this.  IMO if they are not going to change the behavior to hard fail on expiration then there is really no point in even continuing to discuss short lived certs as a solution to the revocation problem.



From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, September 20, 2012 6:30 AM
To: public at cabforum.org >> "public at cabforum.org"
Subject: Re: [cabfpub] FW: Short lived OCSP signing certificate


On 09/20/2012 11:48 AM, From Rob Stradling: 

Do you think browsers should block access to sites that use expired certs (in the same way that they block access to sites that use revoked certs)? 

I think so - with the possibility for admins to override it. But that shouldn't the casual "Please click me through" thing...




Eddy Nigg, COO/CTO


StartCom Ltd. <http://www.startcom.org> 


startcom at startcom.org


Join the Revolution! <http://blog.startcom.org> 


Follow Me <http://twitter.com/eddy_nigg> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120920/7dbe4e2c/attachment-0004.html>

More information about the Public mailing list