We've issued one month certs before. We would have used shorter certs if the CAB Forum had relaxed the OCSP requirements. Since these are supposed to be extremely streamlined, one SCT would be great.
Jeremy -----Original Message----- From: public-boun...@cabforum.org [mailto:public-boun...@cabforum.org] On Behalf Of Adam Langley Sent: Wednesday, February 05, 2014 8:40 AM To: certificate-transparency Cc: therightkey@ietf.org; CABFPub Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan On Wed, Feb 5, 2014 at 10:26 AM, Rob Stradling <rob.stradl...@comodo.com> wrote: > Also, what happened to the idea of only requiring 1 SCT for a 1-month cert? I'm to blame for that. Certificates with a single SCT put a lower bound on how quickly we can distrust a log (at least without special measures, such as shipping the whole, public log hashes to all the clients, which is probably impractical.) Since I'm not aware of any CAs issuing one month certs, and it only saves ~100 bytes vs 2 SCTs, it seemed to be something that should be dropped. Cheers AGL _______________________________________________ Public mailing list pub...@cabforum.org https://cabforum.org/mailman/listinfo/public _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
