<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Jeremy,<br>
I'm not sure Comodo would support any change at this point, but if
we were to change, I'd like to propose, let's call it 1c:<br>
Set all max validity to 27 months; Require re-validation for all at
27 months.<br>
<br>
I'm against your proposal of 1a for the same reasons I don't like
27/13 for EV. It puts us in the position of having to redo validation of
a replacement request by the customer. In this case, the customer
would get the DV or OV for 27 months, be able to replace at will,
renew the cert for an additional 27 months, but be subject to
revalidation halfway through the 2nd when trying to get a
replacement/re-issuance. This is bad enough with EV already, and
I'm very much against extending it to OV/DV. If we can't find a
reasonable path to match up the re-validation requirement with max
validity then I'm against making any changes.<br>
<br>
From the customer perspective, they expect to have to jump through
hoops at the point of placing a new order. We don't generally get
pushback on that. What they don't expect, and what it is very
difficult to make them understand, is having to jump through the
hoops again during the validity period of the same order. The
customer doesn't understand these requirements and it causes a bad
customer experience, for which they blame the CA.<br>
<br>
-Rich<br>
<br>
<div class="moz-cite-prefix">On 3/30/2016 11:04 AM, Jeremy Rowley
wrote:<br>
</div>
<blockquote
cite="mid:427b4378dc93413b9e4de7868f4e2386@EX2.corp.digicert.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">Hi everyone, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">I’d like to
resurface the certificate validity period discussion and see
if there is a way to move this forward. I’m still keen on
seeing a standardized maximum validity period for all
certificate types, regardless of whether the certificate is
DV, OV, or EV. I believe the last time this was discussed,
we reached an impasse where the browsers favored a shorter
validity period for OV/DV and the CAs were generally
supportive of a longer-lived EV certificate (39 months). The
arguments for a shorter validity period were 1) encourages
key replacement, 2) ensures validation occurs more
frequently, 3) deters damage caused by key loss or a change
in domain control, and 4) permits more rapid changes in
industry standards and accelerates the phase-out of insecure
practices. The arguments for longer validity periods: 1)
customers prefer longer certificate validity periods, and 2)
the difficulty in frequent re-validation of information. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">So far, there
seem to be two change proposals with a couple of
variations:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><span
style="color:black">1) Set all certificate validity periods to
no more than 27 months</span></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2
lfo2"><span style="color:black">a. Require re-validation of information for
OV/DV certificates at 39 months OR</span></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2
lfo2"><span style="color:black">b. Require re-validation of information for
all certs at 13 months</span></p>
<p class="MsoListParagraph"
style="text-indent:-.25in;mso-list:l0 level1 lfo2"><span
style="color:black">2) Set all certificate validity periods to
39 months</span></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2
lfo2"><span style="color:black">a. Require re-validation every 13 months</span></p>
<p class="MsoListParagraph"
style="margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2
lfo2"><span style="color:black">b. Require re-validation of information for
OV/DV certificates at 39 months</span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">What are the
objections to 1a? With all the automated installers
abounding, 1a seems to capture the simplicity and customer
convenience of 39 months with the advantages of
shorter-lived certs. Who would oppose/endorse a ballot that
does one of these? <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Jeremy<o:p></o:p></span></p>
</div>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>