On Mon, May 1, 2017 at 8:41 AM, Gervase Markham via Public <[email protected]> wrote:

> > 2. On the idea of marker of some sort in new certs indicating whether or
> > not a newly-issued cert had been validated (or revalidated) in
> > accordance with the methods in Ballot 190 – how do you see users
> > actually using this information?
>
> Forgive me; I've not noticed anyone suggest this. Who did?

I did. It allows users to make an informed decision of the trustworthiness of the information presented in the certificate, much like EV policy OIDs and OV policy OIDs reportedly provide a stronger level of assertion. Given the significant benefits it can bring to help identify and remedy certificate issues - much like technically identifying RAs - this seems entirely within the realm of a significant improvement to ecosystem security, with minimal impact to existing CAs. That is, they would only need to do so for newly issued certificates, and hopefully CAs at least have the existing technical capability to identify when they're reusing information or how they're validating it.

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
