[cabfpub] Pre-Ballot - Short-Life Certificates
Gervase Markham
gerv at mozilla.org
Wed Oct 29 08:52:23 MST 2014
On 28/10/14 02:02, Phillip Hallam-Baker wrote:
> There are really two types of short lived cert
>
> Type 1: With CRL info, can be issued now without changes to the BR,
> only provide status benefit for browsers that special case short
> lived certs Type 2: Without CRL info, require changes to the BR, will
> have status impact for all browsers.
Exactly.
> Thing is that type 2 requires a bit more thinking. We have to make
> sure that the certificates aren’t pre-issued and delivered as a 365
> pack on day 1 and possibly other things we haven’t thought of yet.
I put some language in the ballot to specifically address the "365-pack"
problem. Post-dated issuance is forbidden, for an appropriate value of
"post-dated". If you can think of other things, do tell us :-)
Gerv
More information about the Public
mailing list