[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Tue Aug 6 15:57:42 UTC 2013

I was at meetings where the 60 month limit and 39 month limit were discussed, and the final meeting in the Bay Area where BR 9.4 was discussed and decided on – with input by Brad Hill of Paypay, as I recall.  There was no discussion of revoking pre-BR certs that I can recall.

Again, we don’t have any legacy certs to deal with, but I don’t think it makes sense to require revocation of pre-BR certs unless a serious security issue has been demonstrated.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Tuesday, August 06, 2013 8:06 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

On 08/06/2013 05:22 PM, From kirk_hall at trendmicro.com:<mailto:kirk_hall at trendmicro.com:>
Eddy, I don’t remember any discussion about revoking pre-Baseline Requirement certs that had validity periods longer than 60 months (or 39 months).

I'm sure about it, not sure if you already participated then. Tim, Wayne, Gerv and some others including myself were attending and this was an issue hotly debated with Wayne the opponent for a shorter validity period and earlier implementation of the requirement. In the end what we agreed was put into the BR.

The only discussion I recall related to new validity period rules to apply to NEW certs issued AFTER the effective date of the BRs – which resulted in BR 9.4 below.  And I don’t remember any discussion about limiting re-keying certs that had been issued before the BRs become effective – I don’t think CAs would have agreed to that because it would have put them in breach of contract with their existing customers as to existing certs.

If you'd really have that problem I suggest to fire your lawyers and get better ones. However I'm pretty sure that this isn't a legal issue and Godaddy will not have any problems with their contracts and subscriber agreements. There can be also other "creative" options for such clients who love to pay upfront for a long period...but that's out of the scope for this forum.



Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130806/414f8ad4/attachment-0003.html>

More information about the Public mailing list