[cabfpub] FW: Short lived OCSP signing certificate

Gervase Markham gerv at mozilla.org
Thu Sep 20 15:59:03 UTC 2012

On 20/09/12 16:51, Rich Smith wrote:
> I’d like to hear from the browsers on this.  IMO if they are not going
> to change the behavior to hard fail on expiration then there is really
> no point in even continuing to discuss short lived certs as a solution
> to the revocation problem.

Perhaps a reasonable middle ground would be to hard-fail on expiration 
of a certificate whose total lifetime is less than a certain value (say, 
2 weeks)?


More information about the Public mailing list