[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Gervase Markham gerv at mozilla.org
Fri Feb 10 10:36:22 UTC 2017

On 10/02/17 10:32, Christian Heutger wrote:
> I don’t talk about the effort of replacing a certificate. I talk
> about the driver behind limiting the lifetime and what would and
> primarly (as it’s the driver of this ballot) will happen on limiting
> the lifetime: Algorithm changes in 1 year. That is something, an
> enterprise can’t meet. 

Let's say for the sake of argument that this is true today. Don't you
see that it's a big problem?

If there is suddenly a break in an algorithm, does the enterprise really
_want_ to keep using that insecure algorithm for the next 3 years while
it figures out how to transition off it, and other governments or their
competitors read their secrets?


More information about the Public mailing list