[cabfpub] Updated Certificate Transparency + Extended Validation plan
Adam Langley
agl at chromium.org
Tue Feb 4 20:31:55 UTC 2014
On Tue, Feb 4, 2014 at 3:24 PM, Jeremy Rowley
<jeremy.rowley at digicert.com> wrote:
> What's wrong with rendering certificates invalid? Isn't the burden on the
> CA to ensure their customers are satisfied? If the CA wants to take the
> risk, let them. We'll make sure our customers 100% understand the risks when
> deciding how many proofs to embed.
But the burden of an invalid certificate significantly falls on
users/browsers, not just on the site. If distrusting a log causes 1%
of the Internet to go dark, we essentially cannot do it. It's because
of these externalities that we're seeking these assurances.
Cheers
AGL
More information about the Public
mailing list