[cabfpub] Ballot proposal for Issuance Date

Peter Bowen pzb at amzn.com
Thu Sep 22 18:52:29 MST 2016


> On Sep 22, 2016, at 4:29 PM, Ryan Sleevi <sleevi at google.com> wrote:
> 
> 
> 
> On Thu, Sep 22, 2016 at 4:24 PM, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
> Sorry - jumped to conclusions early on when I saw the title...
> 
> Doesn't that make the cert bigger? Seems like a better solution to simply include an issuance time rather than another signed data structure. Companies already complain about cert size all the time.
> 
> Companies complain about _unnecessary_ cert size all the time (e.g. unnecessary CPS statements).
> 
> This has clear value for the ecosystem. And the cost is only borne in the backdating case. 

And is only extra size if the cert is not already embedding a cryptographically signed timestamp.  SCTs for Certificate Transparency are a type of cryptographically signed timestamp, so any cert with them already has what is needed.


More information about the Public mailing list