[cabfpub] OCSP must-staple in Firefox

"Barreira Iglesias, Iñigo" i-barreira at izenpe.eus
Tue Nov 24 08:13:45 UTC 2015


Gerv,

I know that the CABF has not powers to set or require anything on the different browser features nor requirements, but taking into account that has been a voting on the issuance of short lived certs and the ballot failed (so not allowing CAs to issue short lived certs), what does this feature do? Or what is the intention? Would that mean that a CA can issue short lived certs of whatever duration without AIA or CDP pointers?

Regards


Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.eus 
945067705



ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

-----Mensaje original-----
De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Gervase Markham
Enviado el: lunes, 23 de noviembre de 2015 18:22
Para: CABFPub
Asunto: [cabfpub] OCSP must-staple in Firefox

Participants may be interested in this:

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/

We have implemented OCSP must-staple, due for release in March 2016. I have already mentioned that we have implemented short-lived cert capability; we haven't yet set a default value so there is no news there for this group.

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public



More information about the Public mailing list