[Servercert-wg] Ballot SC22: Reduce Certificate Lifetimes

Ryan Sleevi sleevi at google.com
Tue Aug 20 08:10:19 MST 2019


On Tue, Aug 20, 2019 at 10:33 AM Christian Heutger via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Against phishing or other certificate misuse 1 year won’t help, 90 days
> also won’t help (I got some spam with a Let’s Encrypt cert and this
> phishing site was operated for the full 90 days), you need to reduce
> lifetime to day or better hours. Is this really an idea, which could work?
> Also if automation would be able to handle that, it will arise additional
> new pain points. And still it arise the question, is it worth to fix a
> completely different issue?
>

I'm not sure, could you highlight where you heard that this was meant to
address phishing?
https://cabforum.org/pipermail/servercert-wg/2019-August/000894.html certainly
doesn't list that as a motivation, and that has never been a motivation
with this ballot from any of the proponents, so perhaps you received
inaccurate information?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190820/1bf77519/attachment.html>


More information about the Servercert-wg mailing list