by mcpherrinm 12 days ago
Great question! Of course, we'll continue to provide more information as we firm up more details. This is an area that's not locked down yet, but I can give a sneak preview of what it might look like.

We expect batches to be produced quickly, on the same order of magnitude as current CT logs - somewhere in the 0.5s to 5 second range. This is an existing problem since (at least some) CT logs do the same batched behaviour.

Now, there is a catch with MTCA: That gets you a "standalone" certificate, which works just like a certificate does today. But it's big, still. To get the new, small certificates (landmark-relative), you will have to wait for the next landmark. Based on current planning and discussions with Chrome, we expect that to be hourly for short-lived certs, and 4 hours for longer-lived certificates.

So you'll get a big cert instantly, but you might have to wait an hour or 4 to get a certificate. So your new website can be online quickly, but with some downsides until you get the small landmark-relative cert.

(I work at Let's Encrypt)