[Servercert-wg] Ballot SC22: Reduce Certificate Lifetimes

Jeremy Rowley jeremy.rowley at digicert.com
Mon Aug 19 19:16:57 MST 2019

The ballot was sent out with a link to the ballot and the blog post.  The survey was not conducted double-blind or anything like that as it was intended to give a feel for where customers are at. Even if a rough metric, at least it is "some" metric for how the change will be viewed. 

As Tobi mentioned, people probably aren't surprised by the results, and I doubt they would change much regardless of how we actually did the survey.  I thought it was pretty common/obvious that larger companies often do not deploy certificate automation and favor long lived certificates.  The survey gave directionally the magnitude of upsetness.

Although we recognize the comments from the survey may not be actionable for some members, they are interesting to read so summarizing them is still probably worth the effort of sharing where people are at in their thinking.  

-----Original Message-----
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Tobias S. Josefowitz via Servercert-wg
Sent: Monday, August 19, 2019 6:20 PM
To: Ryan Sleevi <sleevi at google.com>
Cc: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] Ballot SC22: Reduce Certificate Lifetimes

On Tue, 20 Aug 2019, Tobias S. Josefowitz wrote:

> However, in my eyes, there can be no doubt that this change is/will be 
> vastly unpopular with web site operators by the numbers, and I do not 
> think that, in this regard, conducting surveys to begin with will add 
> much perspective, nor do I think that debating the merits of any such 
> survey should or could possibly be focal to the issue.
> That is, unless you would change your perspective on the issue if a 
> clean survey roughly reproduced the results presented by digicert. In 
> which case, by all means, we should go for it.

Alternatively, I did not think to include it initially because I am in fact convinced that shortening certificate lifetimes is unpopular with side operators, you genuinely expect a clean survey to show that it would indeed *not* be unpopular. Which would surprise me, but I also really do not insist to be the judge on that.

Servercert-wg mailing list
Servercert-wg at cabforum.org

More information about the Servercert-wg mailing list