[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Ryan Sleevi sleevi at google.com
Fri Feb 10 15:39:31 UTC 2017


On Fri, Feb 10, 2017 at 7:17 AM, <philliph at comodo.com> wrote:

> There are two possible reasons for limiting the validity interval
>
> 1) To limit the length of CRLs (or equivalent).
> 2) To enable changes to cryptographic algorithms or withdrawal of certain
> types of permitted algorithm class to take place more expeditiously.
>

Hi Phillip,

Unfortunately, the flaw in your argument starts here, and unfortunately
invalidates the rest of it.

It's unclear whether you're stating that these are the only arguments put
forward - which is demonstrably not true - or whether these are the only
arguments you believe valid. However, if these are the only arguments you
believe valid, then I would encourage you that rather than trying to
undermine these, you might instead focus on why you're ignoring the other
evidence put forward.

I realize there's been a large volume of mail on this topic, so perhaps you
simply haven't followed as closely, so a few links for background for you:
- https://cabforum.org/pipermail/public/2017-February/009433.html
- https://cabforum.org/pipermail/public/2017-February/009410.html

Hopefully, by reading those messages (although there are many more
available, should you need), you can understand why the rest of your
message, which I've omitted, unfortunately largely ignores the points being
made.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170210/8871e038/attachment-0003.html>


More information about the Public mailing list