[cabfpub] Updated Certificate Transparency + Extended Validation plan

Adam Langley agl at chromium.org
Tue Feb 4 17:52:20 UTC 2014

On Tue, Feb 4, 2014 at 12:33 PM, Jeremy Rowley
<jeremy.rowley at digicert.com> wrote:
> Three or four proofs for a 27 month certificate is way too many.  The number of proofs should be decided based on the customer's risk profile, not a set number based on certificate lifecycle. Adding 400 bytes per certificate will make EV certificates unusable by entities concerned with performance.

The customer doesn't carry the risk: the risk is that we'll be unable
to revoke a log in clients due to the number of certificates that
depend on it.

We should make the SCTs as small as possible, the the switch to larger
initcwnds in recent years has released much of the pressure on keeping
certificate sizes below the tradition initcwnd limit.



More information about the Public mailing list