[cabfpub] Ballot proposal for Issuance Date
Peter Bowen
pzb at amzn.com
Fri Sep 23 01:52:29 UTC 2016
> On Sep 22, 2016, at 4:29 PM, Ryan Sleevi <sleevi at google.com> wrote:
>
>
>
> On Thu, Sep 22, 2016 at 4:24 PM, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
> Sorry - jumped to conclusions early on when I saw the title...
>
> Doesn't that make the cert bigger? Seems like a better solution to simply include an issuance time rather than another signed data structure. Companies already complain about cert size all the time.
>
> Companies complain about _unnecessary_ cert size all the time (e.g. unnecessary CPS statements).
>
> This has clear value for the ecosystem. And the cost is only borne in the backdating case.
And is only extra size if the cert is not already embedding a cryptographically signed timestamp. SCTs for Certificate Transparency are a type of cryptographically signed timestamp, so any cert with them already has what is needed.
More information about the Public
mailing list