[cabfpub] Ballot[74] - Baseline Requirements updated validation requirements

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri May 25 20:55:04 UTC 2012

On 05/17/2012 09:34 PM, From Tim Moses:
> /D. Replace Section 11.3 of the Baseline Requirements with the following:/
> "*11.3 Age of Certificate Data*
> Section 9.4 limits the validity period of Subscriber Certificates. The 
> CA MAY use the documents and data provided in Section 11 to verify 
> certificate information, provided that the CA obtained the data or 
> document from a source specified under Section 11 no more than 
> thirty-nine (39) months prior to issuing the certificate.”

Actually there might be a problem with this one and the original isn't 
any better. IIRC the 39 month were used in order to allow re-issuance of 
an existing certificate, but do we really want to rely on data that has 
been obtained more than three years ago for a certificate that will be 
valid for another years, total more than six years?

Can this be clarified?

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120525/cf589a2e/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4506 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120525/cf589a2e/attachment-0002.p7s>

More information about the Public mailing list