[cabfpub] Pre-Ballot - Short-Life Certificates

Gervase Markham gerv at mozilla.org
Thu Nov 6 09:27:59 UTC 2014

On 05/11/14 19:33, Stephen Davidson wrote:
> I'd currently respond "Because there is no broad implementation for
> short-lived certs of which I am aware - and the way this is being proposed
> indicates there must be something afoot which is not yet public."

The Mozilla security team believes that short-term certs should be one
valid option to solve the current revocation problems, so we wrote it
into our (public) Revocation Plan. Some CAs who are current members of
the forum have indicated in-principle support for my proposal (in email,
on the list or face to face). That is the only support or encouragement
I have received. I have no knowledge of anything "afoot which is not yet
public" relating to short-lived certs.

I would encourage CAs to assess this proposal on its merits, without
incorrectly assuming hidden agendas.


More information about the Public mailing list