[cabfpub] OCSP Stapling and Short-Lived Certificates Proposal

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Mar 25 20:19:37 UTC 2013

On 03/25/2013 06:44 PM, From Phillip:
> * The first date on which the subject was validated by the issuer (aka Member Since)
> * The most recent date on which the subject was validated by the issuer (aka Last validated)
> * The most recent date at which the issuer is known to have reported valid status (Last status)

Can you tell me where exactly this information is present upon which
a client (software or human) should make such a decision? If you can't,
how can this in any way affect a client's decision at all?

> Since we already allow for a delay in issue of status information it seems perfectly acceptable to assume that cert status is valid within a short time window of issue.

Those are two completely different things - positive or negative status 
information doesn't equal the same thing as certificate issuance and we 
can't make the assumption above. Status information is one thing and 
certificate issuance another.

> If we look at what we have to do server side for OCSP stapling and what we have to do for short lived certs it is essentially the same.

I made my point on that already, so I spare you my repeating replies on 
this... :-)

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>
