On Wed, Oct 24, 2012 at 6:18 AM, Ben Laurie <[email protected]> wrote: > On 24 October 2012 03:02, Paul Hoffman <[email protected]> wrote: > > [[ I changed the subject line because this should be discussed on the > list *before* the meeting. It is not a separate agenda item, yet. ]] > > > > On Oct 23, 2012, at 6:41 PM, Phillip Hallam-Baker <[email protected]> > wrote: > > > >> One of the key issues as far as acceptability to CAs is concerned is > impact on issue processes. In particular it has to be possible to deploy > any experimental infrastructure without touching the certificate issue code. > > What? Why? Are you saying CAs can't test modified issuance code?
Proposing to change that code is like you proposing to change the Google search algorithm to make CT work. Just not going to happen. That is an audited system. It has a very complex and elaborate QA. It extends across the resellers that take the orders and the CA issue center. If CT had been proposed twenty years ago it might be viable to put the proof in the cert. Any change now has to work around the existing infrastructure. -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
