On Tue, Feb 4, 2014 at 3:24 PM, Jeremy Rowley <[email protected]> wrote: > What's wrong with rendering certificates invalid? Isn't the burden on the > CA to ensure their customers are satisfied? If the CA wants to take the > risk, let them. We'll make sure our customers 100% understand the risks when > deciding how many proofs to embed.
But the burden of an invalid certificate significantly falls on users/browsers, not just on the site. If distrusting a log causes 1% of the Internet to go dark, we essentially cannot do it. It's because of these externalities that we're seeking these assurances. Cheers AGL _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
