On 18/10/2018 22:55, Ben Laurie wrote:
On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote: > On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie <[email protected] <mailto:[email protected]>> wrote: <snip> >> This is one of the reasons we also need revocation transparency. > > As tempting as the buzzword is, and as much as we love motherhood and apple > pie and must constantly think of the children, slapping transparency after > a word doesn't actually address the needs of the community or users, nor > does it resolve the challenging policy issues that arise. Just because > something is cryptographically verifiable does not mean it actually > resolves real world problems, or does not introduce additional ones. > > A simpler solution, for example, is to maintain an archive of CRLs signed > by the CA. Which would address the need without the distraction, and > without having the technical equivalent of Fermat's Last Theorem being > invoked. Let's not let the perfect (and unspecified) be the enemy of the > good and reasonable. FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever signed. Put it in Trillian? :-)
That had occurred to me. ;-) Would it be useful? -- Rob Stradling Senior Research & Development Scientist Email: [email protected] _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

