[cabfpub] Deprecating support for long-lived certificates

Kathleen Wilson kwilson at mozilla.com
Thu Aug 29 00:23:29 UTC 2013

On 8/28/13 8:05 AM, Rob Stradling wrote:
> On 26/08/13 21:56, Kathleen Wilson wrote:
>> Rick,
>> I believe you are referring to this:
>> https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Baseline_Requirements
>> "As of February 2013, SSL certificate issuance must also be audited
>> according to the Baseline Requirements (BRs),  as described above. The
>> first BR audit for each CA and subCA may include a reasonable list of
>> BRs that the CA (or subCA) is not yet in compliance with. The second BR
>> audit (the following year) is expected to confirm that the issues that
>> were listed in the previous BR audit have been resolved.
>> All other dates are as specified by the CA/Browser Forum."
>> The intent was to recognize that there may be some situations in which a
>> CA may not be able to comply with particular BRs in time for their first
>> BR audit, and to allow a way for the CA to move towards full compliance
>> while still being audited according to the BRs this year.
>> The "effective dates" remain as stated by the CA/Browser Forum.
> Kathleen, the BRs also say:
> "The Requirements are not mandatory for Certification Authorities 
> unless and until they become adopted and enforced by relying–party 
> Application Software Suppliers."
> IINM, the first Application Software Supplier to adopt/enforce the BRs 
> was Mozilla, and the date you did that was significantly later than 
> the "Effective Date".

So, based on your reasoning, the "Effective Date" would be January 10, 2013?
Or February 14, 2013?


More information about the Public mailing list