[cabfpub] OCSP must-staple in Firefox
gerv at mozilla.org
Tue Nov 24 01:59:28 MST 2015
On 24/11/15 08:13, "Barreira Iglesias, Iñigo" wrote:
> I know that the CABF has not powers to set or require anything on the
> different browser features nor requirements, but taking into account
> that has been a voting on the issuance of short lived certs and the
> ballot failed (so not allowing CAs to issue short lived certs), what
> does this feature do? Or what is the intention? Would that mean that
> a CA can issue short lived certs of whatever duration without AIA or
> CDP pointers?
CAs have always been able to issue certs of any duration they wish.
The ballot was on allowing them to do so with no (or with reduced)
revocation information. As that ballot failed, it will not be possible
to do that without getting a qualified audit.
More information about the Public