On 18/10/2018 22:55, Ben Laurie wrote:
On Fri, 12 Oct 2018 at 19:01, Rob Stradling wrote:
On 12/10/18 16:40, Ryan Sleevi via dev-security-policy wrote:
> On Fri, Oct 12, 2018 at 8:33 AM Ben Laurie <b...@google.com> wrote:
<snip>
>> This is one of the reasons we also need revocation transparency.
>
> As tempting as the buzzword is, and as much as we love motherhood and apple
> pie and must constantly think of the children, slapping transparency after
> a word doesn't actually address the needs of the community or users, nor
> does it resolve the challenging policy issues that arise. Just because
> something is cryptographically verifiable does not mean it actually
> resolves real world problems, or does not introduce additional ones.
>
> A simpler solution, for example, is to maintain an archive of CRLs signed
> by the CA. Which would address the need without the distraction, and
> without having the technical equivalent of Fermat's Last Theorem being
> invoked. Let's not let the perfect (and unspecified) be the enemy of the
> good and reasonable.

FWIW, we (Comodo CA) do maintain an archive of all the CRLs we've ever signed.

Put it in Trillian? :-)

That had occurred to me. ;-)
Would it be useful?

--
Rob Stradling
Senior Research & Development Scientist
Email: r...@comodoca.com