What's wrong with rendering certificates invalid? Isn't the burden on the CA to ensure their customers are satisfied? If the CA wants to take the risk, let them. We'll make sure our customers 100% understand the risks when deciding how many proofs to embed.
Jeremy -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Adam Langley Sent: Tuesday, February 04, 2014 1:19 PM To: Jeremy Rowley Cc: therightkey; certificate-transparency; CABFPub Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan On Tue, Feb 4, 2014 at 3:10 PM, Jeremy Rowley <[email protected]> wrote: > If the certificate sets out on a two year journey with a passport, it > might realize this is better than grabbing a utility bill and phone > receipt. Why would it carry garbage when it already has something everyone accepts? We don't want to be in the position where we can't distrust a log (*any log*) because it would render certificates invalid. Which is why we're specifying that certificates carry multiple SCTs. Cheers AGL _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
