What's wrong with rendering certificates invalid? Isn't the burden on the CA to ensure their customers are satisfied? If the CA wants to take the risk, let them. We'll make sure our customers 100% understand the risks when deciding how many proofs to embed.
Jeremy -----Original Message----- From: public-boun...@cabforum.org [mailto:public-boun...@cabforum.org] On Behalf Of Adam Langley Sent: Tuesday, February 04, 2014 1:19 PM To: Jeremy Rowley Cc: therightkey; certificate-transparency; CABFPub Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan On Tue, Feb 4, 2014 at 3:10 PM, Jeremy Rowley <jeremy.row...@digicert.com> wrote: > If the certificate sets out on a two year journey with a passport, it > might realize this is better than grabbing a utility bill and phone > receipt. Why would it carry garbage when it already has something everyone accepts? We don't want to be in the position where we can't distrust a log (*any log*) because it would render certificates invalid. Which is why we're specifying that certificates carry multiple SCTs. Cheers AGL _______________________________________________ Public mailing list pub...@cabforum.org https://cabforum.org/mailman/listinfo/public _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
