[cabfpub] Updated Certificate Transparency + Extended Validation plan
agl at chromium.org
Wed Feb 5 15:39:49 UTC 2014
On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling at comodo.com> wrote:
> Also, what happened to the idea of only requiring 1 SCT for a 1-month cert?
I'm to blame for that.
Certificates with a single SCT put a lower bound on how quickly we can
distrust a log (at least without special measures, such as shipping
the whole, public log hashes to all the clients, which is probably
impractical.) Since I'm not aware of any CAs issuing one month certs,
and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that
should be dropped.
More information about the Public