[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

Brian Trzupek BTrzupek at trustwave.com
Thu Aug 8 01:48:15 UTC 2013

For the record we think a "reissue" or "rekey" is a new issuance and took great lengths to treat it as such.

As Eddy pointed out, it has a new serial. It is a new cert.

Sent from my iPhone

On Aug 7, 2013, at 8:19 PM, "kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>" <kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>> wrote:

I think you have it backward.  BR 9.4 outlawed issuance of new 10 year certs effective July 1, 2012.  BR 9.4 also outlawed new 60 month certificates effective April 1, 2015, except for special cases as listed.  After April 1, 2015, new certificates can only be issued for 39 months (except for the special cases where 60 new month certificates can be issued).  So the Forum’s approach in gradually shortening the permitted validity period over time was entirely logical.

And many of us in the Forum don’t think that a pre-BR certificate that is reissued for the remainder of the calendar validity period for a technical reason is a “new”  or post-BR certificate subject to the rules for new certificates.  That’s the basic difference in our point of view.  We don’t think CAs should be forced to breach their pre-BR customer agreements where there is no showing of an actual, significant security issue.

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, August 07, 2013 1:12 AM
To: public at cabforum.org<mailto:public at cabforum.org> >> public at cabforum.org<mailto:public at cabforum.org>
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements


And since you are surprised about the logical expectation as we've discussed it extensively, why do you think the BR has a staged approach for long-living certificates - first to 60 month and then to 39 month? What could be the reason for it?



Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130808/2bffb315/attachment-0003.html>

More information about the Public mailing list