[cabfpub] CT discussion at CABF
Moudrick M. Dadashov
md at ssc.lt
Fri Feb 21 16:04:33 UTC 2014
Hi Eddy,
According to Ryan CT should work without precerts (precerts are preferred but ocsp responses should be sufficient), however I haven't looked to this option closely yet.
Thanks,
M.D.
Sent from Samsung Mobile
-------- Original message --------
From: "Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org>
Date: 21/02/2014 01:35 (GMT-08:00)
To: Ryan Sleevi <sleevi at google.com>
Cc: Dean Coclin <Dean_Coclin at symantec.com>,Rick Andrews <Rick_Andrews at symantec.com>,public at cabforum.org
Subject: Re: [cabfpub] CT discussion at CABF
On 02/21/2014 05:46 AM, From Ryan Sleevi:
I want to avoid that situation, because it's clear you're unhappy, but it's inevitable without more constructive feedback.
- Don’t rush into this, because we’re likely to make mistakes if we have to rush. Not just the CAs; there are a lot of moving parts here. I heard someone say “you can’t make fundamental changes to a complex trust system very quickly”.
While I can appreciate a sentiment of "Don't rush", this is a very vague sentiment that is not actionably concrete. What, for example, constitutes a rush?
For me it's when CT can be supported without the need of pre-certificates. The time it requires to update third party software is basically the right time.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd.
XMPP: startcom at startcom.org
Blog: Join the Revolution!
Twitter: Follow Me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140221/fbb3649f/attachment-0003.html>
More information about the Public
mailing list