[cabfpub] Updated Certificate Transparency + Extended Validation plan

Adam Langley agl at chromium.org
Tue Feb 4 20:31:55 UTC 2014


On Tue, Feb 4, 2014 at 3:24 PM, Jeremy Rowley
<jeremy.rowley at digicert.com> wrote:
> What's wrong with rendering certificates invalid?  Isn't the burden on the
> CA to ensure their customers are satisfied?  If the CA wants to take the
> risk, let them. We'll make sure our customers 100% understand the risks when
> deciding how many proofs to embed.

But the burden of an invalid certificate significantly falls on
users/browsers, not just on the site. If distrusting a log causes 1%
of the Internet to go dark, we essentially cannot do it. It's because
of these externalities that we're seeking these assurances.


Cheers

AGL



More information about the Public mailing list