> On Sep 22, 2016, at 4:29 PM, Ryan Sleevi <sle...@google.com> wrote:
> 
> 
> 
> On Thu, Sep 22, 2016 at 4:24 PM, Jeremy Rowley <jeremy.row...@digicert.com> 
> wrote:
> Sorry - jumped to conclusions early on when I saw the title...
> 
> Doesn't that make the cert bigger? Seems like a better solution to simply 
> include an issuance time rather than another signed data structure. Companies 
> already complain about cert size all the time.
> 
> Companies complain about _unnecessary_ cert size all the time (e.g. 
> unnecessary CPS statements).
> 
> This has clear value for the ecosystem. And the cost is only borne in the 
> backdating case. 

And is only extra size if the cert is not already embedding a cryptographically 
signed timestamp.  SCTs for Certificate Transparency are a type of 
cryptographically signed timestamp, so any cert with them already has what is 
needed.
_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Reply via email to