<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Jeremy,<br>
<br>
<div class="moz-cite-prefix">On 03/20/2015 12:33 AM, Jeremy Rowley
wrote:<br>
</div>
<blockquote
cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal">Per the call today and discussion during
the face-to-face, I’d like to start a public discussion on
doing one of two things. </p>
</div>
</blockquote>
<br>
Thanks for your post here...<br>
<br>
<blockquote
cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">Personally, I like the idea of a maximum
lifecycle of 24 months. The lower validity period ensures CAB
Forum and industry changes take less time to implement (fewer
MD5/SHA1 situations), and we encourage more frequent rekeying
and validation.</div>
</blockquote>
<br>
If there would be consensus to reduce everything to two years, this
would be personally also fine with me, but....<br>
<br>
<blockquote
cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">Therefore extending EV to 39
months might be more reasonable.</div>
</blockquote>
<br>
...considering that this is the strongest verification standard so
far, it might make sense to increase the life-time to what has been
established as a reasonable (maximum) time to rely on certificates. <br>
<br>
Again personally, if anything should be changed besides this
increase, it would be the reduction of the life-time of DV certificates.
After all, all they confirm is some sort of control over the domain
and not more. You can't even know if the domain name is still
registered by the holder after just one year usually.<br>
<br>
<blockquote
cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">Extending EV to 39 months will help
promote EV adoption and put EV on equal footing with OV/DV.</div>
</blockquote>
<br>
Yes, that's currently a real drawback.<br>
<br>
<blockquote
cite="mid:0791fe32184940039fc559252d13a187@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1"> Of course, this would extend the
validation time by a year. One way to deal with this extra time
is to adopt the Mozilla approach and require revalidation every X
months (where X is most likely 13). <br>
</div>
</blockquote>
<br>
I wouldn't be in favor of that - first of all today two years are
acceptable for EV certificates without any re-verification. <br>
Second, the entire pain with EV is the verification process and not
necessarily getting the certificates in place. If it helps, we could
think about strengthening a point here or there to increase the
robustness of the verification process for EV. <br>
And third, if ordinary IV/OV certificates are fine with a three year
verification cycle (not speaking about DV), then EV certainly is in
my opinion.<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>