[cabfpub] Ballot for limited exemption to RFC 5280 for CTimplementation

Rob Stradling rob.stradling at comodo.com
Fri Sep 19 19:07:51 UTC 2014

On 19/09/14 19:40, Brian Smith wrote:
>> IINM, in Chrome's case CRLSets cover all EV certs, so there wouldn't be much
>> point making Stapled OCSP a prerequisite for getting the EV indicator.
> I think that is debatable. Part of the purpose of requiring a stapled
> OCSP response is making up for the limitations of CRLSets. In Chrome's
> case, making a stapled OCSP response mandatory for EV would benefit
> them because they could remove the EV enries from their CRLSet.
> Reducing the size of the CRLSet and/or making room for more non-EV
> entries would benefit them, AFAICT.

OK, I see where you're coming from, but I still think it's too early to 
mandate OCSP Stapling for EV.

Reducing the size of the CRLSet (or, better still, increasing the % of 
certs covered by the CRLSet) sounds like a good idea.

>>> (The only useful thing about EV is its effect on encouraging CT adoption.)
>> Really?
> Yes.

Well, at least we agree that encouraging CT adoption is a good thing.  :-)

>>> That's a private matter between the CAs and Google.
>> It ceases to be a private matter if we accept that it impacts the BRs/EVGs.
> That's circular reasoning. I'm saying the BRs don't need to be changed
> because it is a private matter. You are saying it isn't a private
> matter because the BRs need to be changed.

I said "if" deliberately.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list