Gervase Markham wrote:
>
> It's a fair question. I agree that communication about the plans could
> be improved. I'll think about how best to do that.
After some hard thinking by myself I'd suggest the mailing list and
bugzilla as commonly used and established communication paths...
:-D
--
Reg
Nelson Bolyard wrote:
> Gervase Markham wrote:
>> Eddy Nigg (StartCom Ltd.) wrote:
>>> The fact that connections to expired certificates are allowed by most if
>>> not all browser vendors contributes to this problem, if this certificate
>>> is removed from the CRL...than it's just an expired certif
Gervase Markham wrote:
> Eddy Nigg (StartCom Ltd.) wrote:
>> The fact that connections to expired certificates are allowed by most if
>> not all browser vendors contributes to this problem, if this certificate
>> is removed from the CRL...than it's just an expired certificate which
>> was once vali
Gervase Markham wrote:
> Like everything, it's a trade-off - keeping revoked certificates in CRLs
> has a cost (download time and bandwidth, requirement to keep key secret)
> vs. the potential gain of being able to send a stronger warning signal
> in this rather rare case.
>
A revoked certificat
Gervase Markham wrote:
> Like everything, it's a trade-off - keeping revoked certificates in CRLs
> has a cost (download time and bandwidth)
Sorry, I forgot to mention that a revoked certificate is worth about 30
bytes in a CRL. Just to get about the proportions
--
Regards
Signer: Edd
Eddy Nigg (StartCom Ltd.) wrote:
>> No-one is saying it is. But it is also pretty unlikely that a
>> certificate would be revoked close to its expiration date.
>
> And what if it does happen?
Like everything, it's a trade-off - keeping revoked certificates in CRLs
has a cost (download time and ban
Gervase Markham wrote:
> If revoked certificates have to be listed even when expired, that means
> that expired certificates have to be revoked if the private key is
> compromised.
Yes, I would suppose that. Or a private key has to be destroyed
correctly in first place.
> So, the certificate hold
Eddy Nigg (StartCom Ltd.) wrote:
> Additionally there is no burden whatsoever on the certificate holder as
> suggested in the response for having a revoked certificate listed in the
> CRL forever...or please enlighten me about which burden they are talking
> about.
If revoked certificates have to
Please allow me to comment on a few responses...
Gervase Markham wrote:
> Following discussion on the CABForum email list, a new draft, a two-day
> face-to-face meeting in San Francisco.
Taken from http://wiki.mozilla.org/User:Johnath/EVDraft13ReviewComments
It would be *nice*?? if revocation
Johnathan Nightingale wrote:
> The comments I distilled from that review are here:
>
> http://wiki.mozilla.org/User:Johnath/EVDraft13ReviewComments
Following discussion on the CABForum email list, a new draft, a two-day
face-to-face meeting in San Francisco and another draft coming out of
that, m
Hello again folks,
Thank you to everyone who provided input. The EV review call yesterday
was attended by:
Mike Beltzner
Stephen Davidson
Kai Engert
Frank Hecker
Bob Lord
Gervase Markham
Eddy Nigg
Window Snyder
Dan Veditz
and myself, Johnathan Nightingale
The comments I distilled from that re
Hi folks,
The CABForum is attempting to reach a final draft for version 1 of the
EV certificate guidelines. Before they propose the current draft for
ratification, we have been invited, as have all CABForum members, to
provide comments, feedback, or areas of concern.
If this is something in w
12 matches
Mail list logo
