[cabfpub] Updated Certificate Transparency + Extended Validation plan
sleevi at google.com
Tue Feb 4 18:08:25 UTC 2014
One can also use OCSP Stapling or the TLS extension. OCSP stapling is
particularly useful for also dealing with the revocation status in a single
On Feb 4, 2014 9:52 AM, "Adam Langley" <agl at chromium.org> wrote:
> On Tue, Feb 4, 2014 at 12:33 PM, Jeremy Rowley
> <jeremy.rowley at digicert.com> wrote:
> > Three or four proofs for a 27 month certificate is way too many. The
> number of proofs should be decided based on the customer's risk profile,
> not a set number based on certificate lifecycle. Adding 400 bytes per
> certificate will make EV certificates unusable by entities concerned with
> The customer doesn't carry the risk: the risk is that we'll be unable
> to revoke a log in clients due to the number of certificates that
> depend on it.
> We should make the SCTs as small as possible, the the switch to larger
> initcwnds in recent years has released much of the pressure on keeping
> certificate sizes below the tradition initcwnd limit.
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public