[cabfpub] Pre-Ballot - Short-Life Certificates
Gervase Markham
gerv at mozilla.org
Fri Oct 24 23:06:49 MST 2014
On 24/10/14 20:08, Rich Smith wrote:
> The operative word here is 'can'. There will not be an active attacker
> in all cases, there just MIGHT be. This is down to a battle of MIGHTS.
That's what risk analysis is all about :-) Most of our work in the CAB
Forum is about dealing with things that MIGHT happen.
> Operating according to your MIGHT leaves every user vulnerable to a bad
> actor for the duration of the certificate life. Operating according to
> mine offers a chance that some of those users won't be victimized. I'll
> take mine.
If you assume the certificate theft is detected at all. As Diginotar
shows, that's not always the case.
Gerv
More information about the Public
mailing list