On 23/02/17 20:37, Peter Bowen via Public wrote: > Is this accurate? Not only is it accurate, it pretty much represents Mozilla's view as well (if you remove the suggestions of "incompetence, malice, and apathyā€¯). In the CT Policy discussions, I proposed that every cert have at least one embedded SCT so we can trust certificate issuance dates. That didn't seem to be a very popular proposition.
Without that, reducing cert lifetime is the only way to make sure that security or process improvements become ubiquitious in a reasonable timeframe. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
