[cabfpub] Updated Certificate Transparency + Extended Validation plan

Adam Langley agl at chromium.org
Tue Feb 4 19:41:42 UTC 2014


On Tue, Feb 4, 2014 at 2:10 PM, Jeremy Rowley
<jeremy.rowley at digicert.com> wrote:
> I do not think this is correct.  The number of proofs actually increases as you decrease validity periods.

Consider a certificate setting out on a journey. It always needs to
have identity papers with it because the Browser Police are always on
the lookout for unregistered certificates. However, the Browser Police
sometimes decide that certain forms of ID are no longer acceptable and
so a certificate needs to carry several forms of ID with it. If it's
setting out on a one year journey it's wise to have two forms of ID
because one might become distrusted over the year, but it's
vanishingly unlikely that both would be.

However, if our plucky certificate is setting out on a two year
journey then it's wise to carry three forms of ID just in case two
become useless while it's out in the world. The longer it'll be out,
the more forms of id it should carry to ensure that one is always
acceptable.


Cheers

AGL



More information about the Public mailing list