On Tuesday, 4 October 2016 11:14:01 UTC+1, Rob Stradling wrote: > Neither. I'd like to run cablint over all certs pre-issuance, but > unfortunately it's not practical to do this yet because 1) cablint is > too slow and 2) there are some differences of opinion that have been > discussed at CABForum but not yet resolved.
Can you expand on what "too slow" would mean here? Or does it tread too much on specific commercial performance criteria you don't want to talk about? AFAIR Comodo's CPS tells subscribers to expect to wait up to TWO days to receive a certificate after completing validation etc.. Now I'm not crazy enough to think Comodo is actually having ordinary subscribers wait around two days, but an extra few seconds ought to be practical for real-world certificate systems I'd have thought. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy