On Mon, Jan 24, 2022 at 11:18 AM Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> So, arguably, the advantage of revocation checking via OCSP stapling
> over short-lived certificates today has to do with keeping CT logs a
> manageable size, not with any particular security gain in terms of
> revocation functionality.

Although I agree with your conclusion about equivalencies on revocation being a function of the lifetime, an observation Dan Geer made 24 years ago [1], a slight correction to the above remark: this hasn't been a practical issue/concern for quite some time now, especially with the adoption of "time-sharded" CT logs.

The sharding function of the logs can easily be adjusted to whatever target growth function exists. That is, rather than sharding logs annually (where a log only contains certificates expiring within a given calendrical year), it could be sharded quarterly or semi-annually. Of course, modern logs are far more scalable these days than original implementations, so even here, the size of the log is more a function for monitors and auditors.

[1] https://cseweb.ucsd.edu/~goguen/courses/275f00/geer.html - Search "Hence, a rule of thumb"
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
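The temporal-sharding mechanism discussed above, as an added example that is not part of the thread and not the code of any real CT log operator: a shard accepts a certificate only if its NotAfter falls in the shard's window, so the shard width (annual, semi-annual, quarterly) is the knob that bounds each shard's size. The shard naming scheme and the steady-state sizing model at the end are assumptions made for illustration, not how any particular log names its shards or plans capacity.

```python
"""Temporal (time-sharded) CT log routing, constructed for illustration.

A temporally sharded log accepts a certificate into the one shard whose
[start, end) window contains the certificate's NotAfter; certificates
outside every window are rejected rather than logged. Shortening the
certificate lifetime raises the issuance rate, and the operator answers
by narrowing the shard window, not by accepting a larger shard.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

UTC = timezone.utc


@dataclass(frozen=True)
class TemporalShard:
    name: str
    start: datetime  # inclusive
    end: datetime    # exclusive

    def accepts(self, not_after: datetime) -> bool:
        """Acceptance rule: the certificate's NotAfter lies in [start, end)."""
        return self.start <= not_after < self.end


def _add_months(dt: datetime, months: int) -> datetime:
    """Advance a first-of-month timestamp by a whole number of months."""
    years, month_index = divmod(dt.month - 1 + months, 12)
    return dt.replace(year=dt.year + years, month=month_index + 1)


def build_shards(prefix: str, first_year: int, last_year: int,
                 months_per_shard: int) -> List[TemporalShard]:
    """Cover Jan 1 of first_year up to (not including) Jan 1 of last_year+1
    with contiguous windows of months_per_shard months (12, 6, 3, ...).
    Shard names (e.g. log2022, log2022h1, log2022q3) are an assumed scheme."""
    if months_per_shard <= 0 or 12 % months_per_shard:
        raise ValueError("shard width must divide a calendar year")
    per_year = 12 // months_per_shard
    suffix = {1: "", 2: "h", 4: "q"}.get(per_year, "p")
    shards: List[TemporalShard] = []
    start = datetime(first_year, 1, 1, tzinfo=UTC)
    stop = datetime(last_year + 1, 1, 1, tzinfo=UTC)
    while start < stop:
        end = _add_months(start, months_per_shard)
        idx = (start.month - 1) // months_per_shard + 1
        name = f"{prefix}{start.year}" if per_year == 1 else f"{prefix}{start.year}{suffix}{idx}"
        shards.append(TemporalShard(name, start, end))
        start = end
    return shards


def route(shards: List[TemporalShard], not_after: datetime) -> Optional[str]:
    """Return the name of the shard that would accept a certificate with
    this NotAfter, or None if no shard covers it (submission rejected)."""
    for shard in shards:
        if shard.accepts(not_after):
            return shard.name
    return None


def entries_per_shard(active_certs: int, lifetime_days: float, shard_days: float) -> float:
    """Simplified steady-state model (an assumption, not a measurement):
    active_certs certificates are kept continuously renewed, so issuance is
    active_certs / lifetime_days per day, and a shard of width shard_days
    receives that rate times its width. Every certificate is logged once
    whatever its lifetime; only the rate changes."""
    return active_certs / lifetime_days * shard_days


def shard_days_for_target(active_certs: int, lifetime_days: float,
                          target_entries: float) -> float:
    """Shard width that holds a shard at target_entries under the same model:
    halving the certificate lifetime calls for halving the shard width."""
    return target_entries * lifetime_days / active_certs


if __name__ == "__main__":
    annual = build_shards("log", 2022, 2023, 12)
    quarterly = build_shards("log", 2022, 2022, 3)
    na = datetime(2022, 8, 15, tzinfo=UTC)   # constructed NotAfter
    print(route(annual, na), route(quarterly, na))
    print(route(annual, datetime(2024, 1, 1, tzinfo=UTC)))  # None: outside all windows
    print(entries_per_shard(1_000_000, 90, 365), shard_days_for_target(1_000_000, 45, 500_000))
```

The boundary matters in `accepts`: a certificate whose NotAfter is exactly Jan 1 00:00 UTC belongs to the new year's shard, not the old one, so adjacent shards never both accept the same certificate and no certificate falls through the seam.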