[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Christian Heutger ch at psw.net
Tue Feb 14 05:48:44 MST 2017


> DV is the standard of SSL certificates on the market. No browser or user agent recognizes OV as providing any value-added security (as communicated to users), so if you believe it does, it's likely due to CAs suggesting such, not browsers. EV is a technically flawed
> standard whose value to cost is also questionable, and which is also not the standard for which we (Google) want to bring to market to customers.

DV is somehow worth nothing on the view of trust. It’s encryption only, nothing else. DV wouldn’t require the authentication part of the SSL/TLS protocol, as if the server is the server, that’s the only thing, which is proven, why there should be any authentication. Certificates are about to proof identity, provide trust, where to submit details to (not only, that they are transmitted secure, but they also are transmitted secure to the right place). It’s wrong, that OV is not recognized, it’s wrong, if EV would be removed. It damages all the education, which has been done on https, it damages all the trust in secure internet, it damages the whole internet. As meanwhile the european union with eIDAS trys to improve electronical transaction through europe and settles standards like qualified web server certificates, I read here steps backward to an unsecure internet. I’m worring about such a future.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170214/8d8a5ca9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3400 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170214/8d8a5ca9/attachment-0001.bin>


More information about the Public mailing list