[cabfpub] Updated Certificate Transparency + Extended Validation plan

Jeremy Rowley jeremy.rowley at digicert.com
Wed Feb 5 16:24:28 UTC 2014


We could also remove the subject field to save a bunch of space, but that would defeat the point of the certificate.  Similarly, removing the public notice defeats the purpose of our relying party warranty.  However, I do think we need to shorten the message and deliver it more efficiently. 

Thanks for the heads up.

Jeremy

-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Wednesday, February 05, 2014 5:55 AM
To: Jeremy Rowley
Cc: certificate-transparency at googlegroups.com; 'Ben Laurie'; 'CABFPub'; therightkey at ietf.org
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan

On 04/02/14 17:33, Jeremy Rowley wrote:
<snip>
> Adding 400 bytes per certificate will make EV certificates unusable by entities concerned with performance.

BTW Jeremy, in seeking to get some perspective on this issue, I notice that the current EV cert for www.digicert.com has a Certificate Policies User Notice that takes up 338 bytes!  (2 bytes per character, 'cos for some reason you use a BMPString).

"Any use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference"

Is it really necessary to include this notice in each cert?

Have any "entities concerned with performance" complained about it?

You could save 169 bytes immediately by simply switching from BMPString to UTF8String!  ;-)

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online





More information about the Public mailing list