[cabfpub] Pre-Ballot - Short-Life Certificates

Gervase Markham gerv at mozilla.org
Fri Oct 24 07:02:15 UTC 2014

On 24/10/14 05:46, Jeremy.Rowley wrote:
> The data Rob Stradling posted last time this was discussed showed a
> fairly significant clock skew issue.  Here's the data he sent back in 2012:

Mozilla's more recent data doesn't show the problem as this large,
perhaps because more people have NTP-supporting OSes now than in 2012.
But regardless, whether this works in practice or not is a different
question to whether it should be permitted. If it turns out not to work
in practice for some or even all use cases, that's fine. But if we can
get consensus that the different risk profile does not represent a
weakening of security, I think that CAs and sites which want to try it
should not be prevented by regulation.


More information about the Public mailing list