[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Gervase Markham gerv at mozilla.org
Fri Feb 10 10:36:22 UTC 2017


On 10/02/17 10:32, Christian Heutger wrote:
> I don’t talk about the effort of replacing a certificate. I talk
> about the driver behind limiting the lifetime and what would and
> primarily (as it’s the driver of this ballot) will happen on limiting
> the lifetime: Algorithm changes in 1 year. That is something an
> enterprise can’t meet. 

Let's say for the sake of argument that this is true today. Don't you
see that it's a big problem?

If there is suddenly a break in an algorithm, does the enterprise really
_want_ to keep using that insecure algorithm for the next 3 years while
it figures out how to transition off it, and other governments or their
competitors read their secrets?

Gerv


