[cabfpub] Updated Certificate Transparency + Extended Validation plan

Jeremy Rowley jeremy.rowley at digicert.com
Wed Feb 5 16:29:44 UTC 2014


We've issued one month certs before. We would have used shorter certs if the
CAB Forum had relaxed the OCSP requirements.  Since these are supposed to be
extremely streamlined, one SCT would be great.  

Jeremy

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Adam Langley
Sent: Wednesday, February 05, 2014 8:40 AM
To: certificate-transparency
Cc: therightkey at ietf.org; CABFPub
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended
Validation plan

On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradling at comodo.com>
wrote:
> Also, what happened to the idea of only requiring 1 SCT for a 1-month
cert?

I'm to blame for that.

Certificates with a single SCT put a lower bound on how quickly we can
distrust a log (at least without special measures, such as shipping the
whole, public log hashes to all the clients, which is probably
impractical.) Since I'm not aware of any CAs issuing one month certs, and it
only saves ~100 bytes vs 2 SCTs, it seemed to be something that should be
dropped.


Cheers

AGL
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public




More information about the Public mailing list