[cabfpub] FW: Short lived OCSP signing certificate
Gervase Markham
gerv at mozilla.org
Thu Sep 20 15:59:03 UTC 2012
On 20/09/12 16:51, Rich Smith wrote:
> I’d like to hear from the browsers on this. IMO if they are not going
> to change the behavior to hard fail on expiration then there is really
> no point in even continuing to discuss short lived certs as a solution
> to the revocation problem.
Perhaps a reasonable middle ground would be to hard-fail on expiration
of a certificate whose total lifetime is less than a certain value (say,
2 weeks)?
Gerv
More information about the Public
mailing list