[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Thu Feb 9 21:33:57 UTC 2017


Sure, and I say we should solve global warming, income inequality, world
hunger, P versus NP, and unicorn cloning.

Unfortunately, such statements ignore the part of the message I highlighted:
"But this also demonstrates the balance that browsers face when charged
with protecting their users - do we block access to these sites (as Chrome
is doing, and as Microsoft will around February 15) or not? If we do block
these sites, we run the risk of causing the average user to see too many of
these messages a day, thus succumbing to warning fatigue, and causing them
to ignore these warnings when their information is truly at risk. This
makes everyone less secure - either through warning fatigue or through lack
of automatic protection."

If you'd like, I'd be happy to find GlobalSign certificates that have this
problem, and we can then have a public discussion about what specific
communications GlobalSign made to these subscribers, and whether or not
such efforts are sufficient for browsers to justify blocking them. Because
effectively, that is what it would take to help inform and illuminate that
discussion, given the current evidence.

On Thu, Feb 9, 2017 at 1:30 PM, Doug Beattie <doug.beattie at globalsign.com>
wrote:

> I say go ahead and block them, they’ve all been warned and should be
> prepared for the consequences.
>
> Doug