[cabfpub] Ballot 185 - Next steps

Gervase Markham gerv at mozilla.org
Fri Feb 24 18:57:32 UTC 2017


On 23/02/17 20:37, Peter Bowen via Public wrote:
> Is this accurate?

Not only is it accurate, it pretty much represents Mozilla's view as
well (if you remove the suggestions of "incompetence, malice, and
apathy”). In the CT Policy discussions, I proposed that every cert have
at least one embedded SCT so we can trust certificate issuance dates.
That didn't seem to be a very popular proposition.

Without that, reducing cert lifetime is the only way to make sure that
security or process improvements become ubiquitious in a reasonable
timeframe.

Gerv



More information about the Public mailing list