> On Sep 22, 2016, at 4:29 PM, Ryan Sleevi <sle...@google.com> wrote:
> On Thu, Sep 22, 2016 at 4:24 PM, Jeremy Rowley <jeremy.row...@digicert.com>
> Sorry - jumped to conclusions early on when I saw the title...
> Doesn't that make the cert bigger? Seems like a better solution to simply
> include an issuance time rather than another signed data structure. Companies
> already complain about cert size all the time.
> Companies complain about _unnecessary_ cert size all the time (e.g.
> unnecessary CPS statements).
> This has clear value for the ecosystem. And the cost is only borne in the
> backdating case.
And is only extra size if the cert is not already embedding a cryptographically
signed timestamp. SCTs for Certificate Transparency are a type of
cryptographically signed timestamp, so any cert with them already has what is
Public mailing list