To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/b0906da8-043e-422d-ad65-bc185a24eed5%40gmail.com.
I agree with Aaron’s assessment.
In addition to the reasons from a compliance standpoint that Aaron outlined, I struggle to see the value provided to a Relying Party by mandating that the CA operate an OCSP responder that responds authoritatively for serials corresponding to short-lived certificates.
This discussion is a bit hypothetical currently, as Microsoft still requires the inclusion of an AIA OCSP pointer in end-entity TLS serverauth certificates regardless of validity period, even if the BRs permit its omission.
Thanks,
Corey