[cabfpub] [PROMO]Re: Short-Lived Certificate Ballot
Rob Stradling
rob.stradling at comodo.com
Sun Nov 1 20:18:03 UTC 2015
On 31/10/15 19:44, Brian Smith wrote:
<snip>
>In fact, because the maximum validity
> period of a short-lived certificate is shorter than the maximum lifetime
> of an OCSP response, short-lived certificates are actually a *safer*
> form of revocation than a stapled OCSP response.
Do browsers treat expiration as harshly as revocation yet (i.e.
completely block access to the site, rather than warn the user but
permit them to access the site anyway)?
If not, then I half agree (because staleness matters) and half disagree
(because protecting users matters) that they're "a *safer* form of
revocation".
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list