[cabfpub] Updated Certificate Transparency + Extended Validation plan
michal.proszkiewicz at unizeto.pl
michal.proszkiewicz at unizeto.pl
Wed Feb 5 09:19:38 MST 2014
If we are talking about EV certificates then probably there are not many
that are valid for a 1 month.
It may be the case for other types of certificates. For example CERTUM
issue trusted test SSL certificates valid for 30 days (standard DV
verification procedures and DV certificate profile).
>From the other hand we give our customer possibility to manually shorten
validity period to one day if they like (for every certificate type).
-Michał
Adam Langley <agl at chromium.org>
Wysłane przez: public-bounces at cabforum.org
2014-02-05 16:40
Do
certificate-transparency <certificate-transparency at googlegroups.com>
DW
"therightkey at ietf.org" <therightkey at ietf.org>, CABFPub
<public at cabforum.org>
Temat
Re: [cabfpub] Updated Certificate Transparency + Extended Validation
plan
On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling at comodo.com>
wrote:
> Also, what happened to the idea of only requiring 1 SCT for a 1-month
cert?
I'm to blame for that.
Certificates with a single SCT put a lower bound on how quickly we can
distrust a log (at least without special measures, such as shipping
the whole, public log hashes to all the clients, which is probably
impractical.) Since I'm not aware of any CAs issuing one month certs,
and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that
should be dropped.
Cheers
AGL
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140205/15ae8654/attachment.html
More information about the Public
mailing list