[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

Jeremy Rowley jeremy.rowley at digicert.com
Thu Aug 1 13:56:15 UTC 2013


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Thursday, August 01, 2013 7:46 AM
To: richard.smith at comodo.com
Cc: public at cabforum.org
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline

On 01/08/13 14:43, Rich Smith wrote:
> The subject we're currently discussing was not spelled out clearly at 
> all, and my recollection regarding the discussions around validity 
> period was that it was well understood that there were long-lived
> certificates out there, and that they would be allowed to live out their

There's a difference between allowing a cert to live out its life cycle
because it's unreasonable to ring up a customer and tell them to make a
change to their running system, and the situation where they are already
making that change and you have an opportunity to issue them a replacement
cert which is BR-compliant.

> Certificate duration has the potential to affect a much larger number
> of customers and I don't think those of us who have issued them in the 
> past would have agreed to specific terms in the BR stating that we 
> would have to revoke them, absent any other security vulnerability, 
> had that been clearly stated from the outset.

This is not a request for revocation, it's a request that newly-minted
certificates conform to the BRs, even if the cert they are replacing did
