On 8/15/2013 11:21 AM, ianG wrote:
> On 15/08/13 13:22 PM, Mikko Rantalainen wrote:
>> Why not issue a new signature every day and be done with
>> broken revocation lists?)
>
> You'll upset people if you start talking like that :)

Not really, it's a serious proposal for dealing with the revocation problem
http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-shortlived.html
http://www.ietf.org/mail-archive/web/pkix/current/msg30348.html

Rivest proposed short-lived certs as a way to get rid of CRLs back in 1998, but proposed that it was up to the "acceptor" of the cert to decide how fresh was good enough, not the CA
http://people.csail.mit.edu/rivest/pubs/Riv98b.prepub.pdf

It's even been discussed some at the CABrowser forum.

-Dan Veditz
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security