[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Thu Aug 8 16:03:28 UTC 2013

So, Eddy, is your position that a pre-BR 10 year cert (with 7 years left) can’t be rekeyed / reissued at all, because the BRs now limit certs to 60 months?  Are you saying the validity period of a 10 year cert that is rekeyed must be reduced to 60 months?

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Thursday, August 08, 2013 8:57 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

On 08/08/2013 05:48 PM, From kirk_hall at trendmicro.com:<mailto:kirk_hall at trendmicro.com:>

Can you provide an example of "an extension of my argument," some action by a CA that is rekeying an existing BR, that could lead to serious problems?  What kind of pre-BR cert, if rekeyed (reissued) by the CA for the same expiration date, will cause some new problem?  I can't think of any.

Conveniently you ignore the fact that there isn't such a thing "rekey" or "reissue" - the BR has definitions for how long you can rely on previous validated data (way too long anyway, but that's beside the point) and what you must do every time you issue a certificate.



Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130808/706df37c/attachment-0003.html>

More information about the Public mailing list