On Fri, 12 Oct 2018 at 19:01, Rob Stradling <r...@comodoca.com> wrote:
> On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie <b...@google.com> wrote:
> <snip>
> >> This is one of the reasons we also need revocation transparency.
> >
> > As tempting as the buzzword is, and as much as we love motherhood and apple
> > pie and must constantly think of the children, slapping transparency after
> > a word doesn't actually address the needs of the community or users, nor
> > does it resolve the challenging policy issues that arise. Just because
> > something is cryptographically verifiable does not mean it actually
> > resolves real world problems, or does not introduce additional ones.
> >
> > A simpler solution, for example, is to maintain an archive of CRLs signed
> > by the CA. Which would address the need without the distraction, and
> > without having the technical equivalent of Fermat's Last Theorem being
> > invoked. Let's not let the perfect (and unspecified) be the enemy of the
> > good and reasonable.
>
> FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever
> signed.

Put it in Trillian? :-)

> --
> Rob Stradling
> Senior Research & Development Scientist
> Email: r...@comodoca.com

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy