[cabfpub] Deprecating support for long-lived certificates
Rob Stradling
rob.stradling at comodo.com
Wed Sep 4 14:21:59 UTC 2013
On 03/09/13 23:58, Eddy Nigg (StartCom Ltd.) wrote:
>
> On 09/02/2013 01:48 PM, From Rob Stradling:
>> The BRs "Effective Date" was July 1st 2012, but I've never been sure
>> what exactly came into effect on that date, given the "not
>> mandatory...until...adopted and enforced" sentence I quoted previously!
>
> So what did you do in your case?
We worked towards BRs-compliance as quickly as we could, anticipating
that the BRs would eventually be "adopted and enforced" by at least one
of the browsers.
> Or what did you do to clarify it? I'm sure you must have had some
> thoughts and decisions...
Well, I tried to apply logic. That left me concluding that the only way
to square "Effective Date" with "not mandatory...until...adopted and
enforced" was to interpret "Effective Date" as the date on which using
(for some definition of "using") the BRs became optional (instead of
forbidden).
> I'd say that the effective date is as per BR - it was already clear
> before that software vendors will adopt it, in particular Mozilla which
> was heavily involved during the discussions.
TBH, my recollection is that it wasn't really that clear back in July
2012. I think we all anticipated that the browsers would eventually
adopt (future tense!) and enforce the BRs, but it was only when Mozilla
updated their CA Policy in early 2013 that the BRs were actually
"adopted and enforced" (past tense!) by anyone.
Mozilla asked CAs about BRs-compliancy back in January 2013 (some 6
months after the "Effective Date"). It's clear from the responses [1]
that some CAs were still working towards compliance.
We share Steve Roylance's opinion that, unless they are required to
address flagrant violations of expected behaviour, policy changes should
be forward looking.
For our part we would be content to see the policy changes applied from
the date they are announced, but making them retrospective back to 1st
July 2012 when the evidence shows that that date was not universally
complied with seems to have an uncertain impact.
[1]
https://docs.google.com/spreadsheet/pub?key=0Ah-tHXMAwqU3dHdISmM3c05tb1dMQjlJclJqS21QNmc&output=html
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online