[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Aug 8 08:34:56 UTC 2013

On 08/08/2013 04:18 AM, From kirk_hall at trendmicro.com:
> I think you have it backward.  BR 9.4 outlawed issuance of new 10 year 
> certs effective July 1, 2012.  BR 9.4 also outlawed new 60 month 
> certificates effective April 1, 2015, except for special cases as 
> listed.  After April 1, 2015, new certificates can only be issued for 
> 39 months (except for the special cases where 60 new month 
> certificates can be issued).  So the Forum’s approach in gradually 
> shortening the permitted validity period over time was entirely logical.

So far we are on the same page basically...

> And many of us in the Forum don’t think that a pre-BR certificate that 
> is reissued for the remainder of the calendar validity period for a 
> technical reason is a “new”  or post-BR certificate subject to the 
> rules for new certificates.

A certificate that was signed (act of signing) after the BR effective 
date it must comply to it, not matter what's the reason. If there are 
legitimate exceptions possible, then be it. However this will hurt 
compliance and fairness in respect to compliance to the requirements.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130808/6f70fc87/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130808/6f70fc87/attachment-0001.p7s>

More information about the Public mailing list