[cabfpub] Updated Certificate Transparency + Extended Validation plan
Jeremy Rowley
jeremy.rowley at digicert.com
Tue Feb 4 20:24:56 UTC 2014
What's wrong with rendering certificates invalid? Isn't the burden on the
CA to ensure their customers are satisfied? If the CA wants to take the
risk, let them. We'll make sure our customers 100% understand the risks when
deciding how many proofs to embed.
Jeremy
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Adam Langley
Sent: Tuesday, February 04, 2014 1:19 PM
To: Jeremy Rowley
Cc: therightkey; certificate-transparency; CABFPub
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended
Validation plan
On Tue, Feb 4, 2014 at 3:10 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:
> If the certificate sets out on a two year journey with a passport, it
> might realize this is better than grabbing a utility bill and phone
> receipt. Why would it carry garbage when it already has something
everyone accepts?
We don't want to be in the position where we can't distrust a log (*any
log*) because it would render certificates invalid. Which is why we're
specifying that certificates carry multiple SCTs.
Cheers
AGL
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
More information about the Public
mailing list