On Thu, Feb 23, 2017 at 10:54 PM, Phillip Hallam-Baker via Public < [email protected]> wrote:
> > Things have to break before some people will act. Which is why I consider > the proposal to further reduce validity intervals to provide more > procrastination time positively harmful. > To restate this, you're saying that it's better to keep long-lived certs around, so that the heightened damage their misissuance would do will increase the motivation of CAs/browsers to deprecate weaker algorithms. I think that's a very difficult stance to defend. Holding one security feature hostage to spur support for another doesn't seem likely to produce security benefits, either in this case or the general case. -- Eric > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > > -- konklone.com | @konklone <https://twitter.com/konklone>
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
