[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Wed Aug 7 08:12:27 UTC 2013
On 08/07/2013 08:50 AM, From kirk_hall at trendmicro.com:
> I can say that the only explicit requirement included in the initial
> BRs about maximum validity period for certs is BR 9.4 – and by its
> terms, it clearly does not apply to certs issued or agreements made
> before the effective date of the BRs.
Correct me if I'm wrong, but this doesn't apply to the specific
certificate we discussed here (as brought forward by Ryan). It was
apparently issued this year, so whatever your stance is for certificates
issued before 2012 June, it's not relevant here.

Of course it's easy to change the notbeforeDate in a certificate to
anywhere sometime before the BR was enforced. Those CAs that comply with
the BR requirements will certainly appreciate it.

And since you are surprised about the logical expectation as we've
discussed it extensively, why do you think the BR has a staged approach
for long-living certificates - first to 60 months and then to 39 months?
What could be the reason for it?

Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>