[cabfpub] Pre-Ballot - Short-Life Certificates
S.Davidson at quovadisglobal.com
Tue Nov 18 09:43:54 MST 2014
I note Mozilla's participation in https://letsencrypt.org/
"The Let's Encrypt authority will offer server certificates at zero cost,
supported by sophisticated new security protocols. The certificates will have
automatic enrollment and renewal..."
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Thursday, November 06, 2014 5:26 AM
To: Stephen Davidson; Tim Hollebeek; Jeremy Rowley; i-barreira at izenpe.net;
public at cabforum.org
Subject: Re: [cabfpub] Pre-Ballot - Short-Life Certificates
On 05/11/14 19:33, Stephen Davidson wrote:
> I'd currently respond "Because there is no broad implementation for
> short-lived certs of which I am aware - and the way this is being
> proposed indicates there must be something afoot which is not yet public."
The Mozilla security team believes that short-term certs should be one valid
option to solve the current revocation problems, so we wrote it into our
(public) Revocation Plan. Some CAs who are current members of the forum have
indicated in-principle support for my proposal (in email, on the list or face
to face). That is the only support or encouragement I have received. I have no
knowledge of anything "afoot which is not yet public" relating to short-lived
I would encourage CAs to assess this proposal on its merits, without
incorrectly assuming hidden agendas.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5494 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141118/fa09bb87/attachment-0001.bin
More information about the Public