[openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled
Blumenthal, Uri - 0553 - MITLL via RT
rt at openssl.org
Fri Aug 7 15:34:47 UTC 2015
Alas, not right now (and here we're in agreement).
However I expect the field to evolve with the threats, and the means for using this capability to emerge. IMHO it would be easier to keep this feature waiting rather than opening a whole new discussion later on. Plus, by just being there it might "stimulate" people to look for ways to use it.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: David Woodhouse via RT
Sent: Friday, August 7, 2015 11:28
Reply To: rt at openssl.org
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #3992] [PATCH] Allow RFC6962 Signed Certificate Timestamps to be disabled
On Fri, 2015-08-07 at 15:07 +0000, Blumenthal, Uri - 0553 - MITLL
wrote:
> Considering emerging attacks against UEFI I'd be hesitant weakening
> protection mechanisms, even those that *currently* aren't likely to
> be used.
Can you suggest a practicable means by which this *could* be used?
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150807/deb9b2cf/attachment.bin>
More information about the openssl-dev
mailing list