[cabfpub] Updated Certificate Transparency + Extended Validation plan

[Doug Beattie]

I agree with Jeremy.  Making the validity period the driver for the number
of proofs does not make sense.  While this variable is present in every cert
and easy to use as the basis of a calculation, it seems misplaced.  The
number of proofs should be related to the reputation of the CA, the number
of years the CA has been in business, the strength of the keys/signing
algorithms, one or more attributes of the certificate owner, the type of
certificate (EV, Org, Domain), the number of domains being secured or some
other risk/brand set of attributes.  This needs some additional work.

Doug

 

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley
Sent: Tuesday, February 04, 2014 12:34 PM
To: 'Ben Laurie'; 'CABFPub'; certificate-transparency at googlegroups.com;
therightkey at ietf.org
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended
Validation plan

Three or four proofs for a 27 month certificate is way too many.  The number
of proofs should be decided based on the customer's risk profile, not a set
number based on certificate lifecycle. Adding 400 bytes per certificate will
make EV certificates unusable by entities concerned with performance. 

Jeremy

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Ben Laurie
Sent: Tuesday, February 04, 2014 10:08 AM
To: CABFPub; certificate-transparency at googlegroups.com; therightkey at ietf.org
Subject: [cabfpub] Updated Certificate Transparency + Extended Validation
plan

Enclosed, our revised plan.

Comments welcome.

_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public