Two approaches mentioned in the past: * By Ben: Have separate logs for short-lived and long-lived certificates, cycle logs for short-lived certificates periodically. * By Matt Palmer: Trimming the merkle tree <https://groups.google.com/d/msg/certificate-transparency/tsZsUP0Lxk8/x6pddTgKIgkJ> (not currently specified in the RFC).
Eran On Mon, May 18, 2015 at 3:50 PM, Stephen Farrell <[email protected]> wrote: > (All those issue tracker mails reminded me of a question > I'd meant to and had forgotten to ask...) > > At the acme BoF there was some talk of short lived certs. > The thought was that if acme succeeds then it'd be more > practical to use certs with a lifetime of a day or so. And > that might raise a question as to how that'd affect CT or if > there's an elegant way to support such. > > I don't think this is something that has to be part of the > current bis RFC necessarily but it'd probably be good to > get the collective wisdom of the list on the topic. > > So, what do we think of CT when faced with 1 day duration > certs or similar? > > Ta, > S. > > _______________________________________________ > Trans mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/trans >
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
