[cabfpub] Pre-Ballot - Short-Life Certificates

Gervase Markham gerv at mozilla.org
Sat Oct 25 06:06:49 UTC 2014

On 24/10/14 20:08, Rich Smith wrote:
> The operative word here is 'can'.  There will not be an active attacker 
> in all cases, there just MIGHT be.  This is down to a battle of MIGHTS. 

That's what risk analysis is all about :-) Most of our work in the CAB
Forum is about dealing with things that MIGHT happen.

> Operating according to your MIGHT leaves every user vulnerable to a bad 
> actor for the duration of the certificate life.  Operating according to 
> mine offers a chance that some of those users won't be victimized.  I'll 
> take mine.

If you assume the certificate theft is detected at all. As DigiNotar
shows, that's not always the case.


