[cabfpub] Pre-Ballot - Short-Life Certificates
Stephen Davidson
S.Davidson at quovadisglobal.com
Tue Nov 18 16:43:54 UTC 2014
I note Mozilla's participation in https://letsencrypt.org/
https://www.eff.org/press/releases/new-free-certificate-authority-dramatically-increase-encrypted-internet-traffic
"The Let's Encrypt authority will offer server certificates at zero cost,
supported by sophisticated new security protocols. The certificates will have
automatic enrollment and renewal..."
-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Thursday, November 06, 2014 5:26 AM
To: Stephen Davidson; Tim Hollebeek; Jeremy Rowley; i-barreira at izenpe.net;
public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot - Short-Life Certificates
On 05/11/14 19:33, Stephen Davidson wrote:
> I'd currently respond "Because there is no broad implementation for
> short-lived certs of which I am aware - and the way this is being
> proposed indicates there must be something afoot which is not yet public."
The Mozilla security team believes that short-term certs should be one valid
option to solve the current revocation problems, so we wrote it into our
(public) Revocation Plan. Some CAs who are current members of the forum have
indicated in-principle support for my proposal (in email, on the list or face
to face). That is the only support or encouragement I have received. I have no
knowledge of anything "afoot which is not yet public" relating to short-lived
certs.
I would encourage CAs to assess this proposal on its merits, without
incorrectly assuming hidden agendas.
Gerv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5494 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141118/fa09bb87/attachment-0001.p7s>
More information about the Public
mailing list