On Tue, Feb 4, 2014 at 12:33 PM, Jeremy Rowley <[email protected]> wrote: > Three or four proofs for a 27 month certificate is way too many. The number > of proofs should be decided based on the customer's risk profile, not a set > number based on certificate lifecycle. Adding 400 bytes per certificate will > make EV certificates unusable by entities concerned with performance.
The customer doesn't carry the risk: the risk is that we'll be unable to revoke a log in clients due to the number of certificates that depend on it. We should make the SCTs as small as possible, the the switch to larger initcwnds in recent years has released much of the pressure on keeping certificate sizes below the tradition initcwnd limit. Cheers AGL _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
