[cabfpub] Updated Certificate Transparency + Extended Validation plan

Jeremy Rowley jeremy.rowley at digicert.com
Tue Feb 4 20:24:56 UTC 2014

What's wrong with rendering certificates invalid?  Isn't the burden on the
CA to ensure their customers are satisfied?  If the CA wants to take the
risk, let them. We'll make sure our customers 100% understand the risks when
deciding how many proofs to embed.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Adam Langley
Sent: Tuesday, February 04, 2014 1:19 PM
To: Jeremy Rowley
Cc: therightkey; certificate-transparency; CABFPub
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended
Validation plan

On Tue, Feb 4, 2014 at 3:10 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
> If the certificate sets out on a two year journey with a passport, it 
> might realize this is better than grabbing a utility bill and phone 
> receipt.  Why would it carry garbage when it already has something
everyone accepts?

We don't want to be in the position where we can't distrust a log (*any
log*) because it would render certificates invalid. Which is why we're
specifying that certificates carry multiple SCTs.


Public mailing list
Public at cabforum.org

More information about the Public mailing list