We've issued one month certs before. We would have used shorter certs if the
CAB Forum had relaxed the OCSP requirements.  Since these are supposed to be
extremely streamlined, one SCT would be great.  

Jeremy

-----Original Message-----
From: public-boun...@cabforum.org [mailto:public-boun...@cabforum.org] On
Behalf Of Adam Langley
Sent: Wednesday, February 05, 2014 8:40 AM
To: certificate-transparency
Cc: therightkey@ietf.org; CABFPub
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended
Validation plan

On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradl...@comodo.com>
wrote:
> Also, what happened to the idea of only requiring 1 SCT for a 1-month
cert?

I'm to blame for that.

Certificates with a single SCT put a lower bound on how quickly we can
distrust a log (at least without special measures, such as shipping the
whole, public log hashes to all the clients, which is probably
impractical.) Since I'm not aware of any CAs issuing one month certs, and it
only saves ~100 bytes vs 2 SCTs, it seemed to be something that should be
dropped.


Cheers

AGL
_______________________________________________
Public mailing list
pub...@cabforum.org
https://cabforum.org/mailman/listinfo/public

_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey

Reply via email to