[cabfpub] Pre-Ballot - Short-Life Certificates

Stephen Davidson S.Davidson at quovadisglobal.com
Tue Nov 18 09:43:54 MST 2014


I note Mozilla's participation in https://letsencrypt.org/

https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic

"The Let's Encrypt authority will offer server certificates at zero cost, 
supported by sophisticated new security protocols. The certificates will have 
automatic enrollment and renewal..."


-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Thursday, November 06, 2014 5:26 AM
To: Stephen Davidson; Tim Hollebeek; Jeremy Rowley; i-barreira at izenpe.net; 
public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot - Short-Life Certificates

On 05/11/14 19:33, Stephen Davidson wrote:
> I'd currently respond "Because there is no broad implementation for
> short-lived certs of which I am aware - and the way this is being
> proposed indicates there must be something afoot which is not yet public."

The Mozilla security team believes that short-term certs should be one valid 
option to solve the current revocation problems, so we wrote it into our 
(public) Revocation Plan. Some CAs who are current members of the forum have 
indicated in-principle support for my proposal (in email, on the list or face 
to face). That is the only support or encouragement I have received. I have no 
knowledge of anything "afoot which is not yet public" relating to short-lived 
certs.

I would encourage CAs to assess this proposal on its merits, without 
incorrectly assuming hidden agendas.

Gerv

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5494 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141118/fa09bb87/attachment-0001.bin 


More information about the Public mailing list