Duane wrote:
Nelson Bolyard wrote:
Rather than "for a minimum of 12 months", I would say "until the last
issued EE cert expires". Then, yes, I think that makes sense.
This would have to be a policy decision for MF I think, and if you were
to require this I also think that the MF would need to decide on a term
that they would be willing to pay for domains and host CRL/OCSP stuff...
If a company goes bust tomorrow, I doubt there would be any funding to
keep a CRL/OCSP running beyond that, and I doubt any company large or
small these days is beyond that with numerous "large" companies suddenly
going out of business owing billions...
If I recall correctly, you recently posted something about all your
certs being good for only 6 or 12 months (I forget which), and you
were thinking of even lowering that.
So, my point was, there's no point in promising you'll keep OCSP
going for 12 months if all your certs will expire sooner than that.
After the last cert expires, shut 'em down!
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
