On Thursday, 22 August 2013 09:09:06 UTC+3, Mikko Rantalainen wrote:
> If we really believed that shorter lifetime is required for the keys,
> we would be replacing those CA keys already.

I'd like to add that in my opinion, the lifetime should be decided by the user agent (default) or by the user (preferably). The current situation, where the CA can sign whatever they want and declare the lifetime for the trust exactly as they wish, does not seem sane to me. I'd much rather see a world where the CA signs whatever they want and trust is handled separately, hopefully using some kind of web-of-trust algorithm.

--
Mikko
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security