[cabfpub] Updated Certificate Transparency + Extended Validation plan

michal.proszkiewicz at unizeto.pl michal.proszkiewicz at unizeto.pl
Wed Feb 5 16:19:38 UTC 2014

If we are talking about EV certificates then probably there are not many 
that are valid for a 1 month.

It may be the case for other types of certificates. For example CERTUM 
issue trusted test SSL certificates valid for 30 days (standard DV 
verification procedures and DV certificate profile).

>From the other hand we give our customer possibility to manually shorten 
validity period to one day if they like (for every certificate type).


Adam Langley <agl at chromium.org> 
Wysłane przez: public-bounces at cabforum.org
2014-02-05 16:40

certificate-transparency <certificate-transparency at googlegroups.com>
"therightkey at ietf.org" <therightkey at ietf.org>, CABFPub 
<public at cabforum.org>
Re: [cabfpub] Updated Certificate Transparency + Extended       Validation 

On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling at comodo.com> 
> Also, what happened to the idea of only requiring 1 SCT for a 1-month 

I'm to blame for that.

Certificates with a single SCT put a lower bound on how quickly we can
distrust a log (at least without special measures, such as shipping
the whole, public log hashes to all the clients, which is probably
impractical.) Since I'm not aware of any CAs issuing one month certs,
and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that
should be dropped.


Public mailing list
Public at cabforum.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140205/15ae8654/attachment-0003.html>

More information about the Public mailing list