[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Fri Feb 10 18:01:55 UTC 2017

On Fri, Feb 10, 2017 at 9:55 AM, philliph at comodo.com <philliph at comodo.com> wrote:

> Right now it takes me about 5 years to get a change in the WebPKI. That is
> three years of getting agreement on the technology, two years to get the
> infrastructure built out to deploy and then it takes time for the
> certificate population to rotate.

> Now if people would be willing to help shorten the first two periods, I
> would be a lot more enthusiastic about shortening the third.

It's interesting that you highlight how long it personally takes you to get
a change in the WebPKI. I'm glad you're thinking about these problems, but
I also want to highlight, you're not the only one. That's the joy of having
a Forum of many participants to think about a variety of issues.

Are you suggesting it's only appropriate to consider shortening the latter
if people help you work on the former, for the matters you're passionate
about? Do you not believe there is value, overall, in seeing the reduction
on all three dimensions - consensus, implementation, and deployment?

As an engineer, I would think you'd appreciate the desire to make small
improvements, incrementally, to help us move towards a goal. Improving
deployment helps us keep the overall time shorter for situations where
consensus and implementation are difficult, and significantly shorter for
situations where consensus and implementation are easy.

Is there a reason you believe we shouldn't make deployment easier?