[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Thu Feb 9 22:04:12 UTC 2017

On Thu, Feb 9, 2017 at 1:58 PM, Doug Beattie <doug.beattie at globalsign.com>

> I know GlobalSign has SHA-1 certs that expire in the future, I still stay
> block them.  There should not that many and one would hope that they are
> not even being used (much).  The browsers have been conveying degraded UI
> on these for a long time, so blocking them is the next logical step.  I
> don’t see the whole fatigue issue being so critical now, you’ve fatigued
> users for the past year or more so I don’t this as making the problem any
> worse.  Block them.

This is an interesting argument.

It appears you accept fatigue is bad - meaning we should try to reduce
fatigue. But at the same time, you're (seemingly) opposing we take steps
forward to reduce fatigue. This does make it seem like you're saying one
thing, but then arguing we do another.

Could you help me understand?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170209/ba41d30d/attachment-0003.html>

More information about the Public mailing list