jaas | 8 months ago

A free account for sending emails would not have changed the decision because it doesn't solve this:

"Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us."

Now there is no contact information associated with issuance records.

mystraline|8 months ago

If they're that worried about having some random email associated, then perhaps they shouldn't also publish all certs they cut for domains?

https://crt.sh/

Publishing all SSL certs for domains is kind of worse than some random email.

woodruffw|8 months ago

That’s how CT works. They can’t not publish end-entity certificates to CT logs.

(But also, even if they could avoid this somehow: the entire point of a public CA is to publish end entity certificates. The “I want a public certificate while keeping a subdomain secret” model was never particularly coherent.)