[cabfpub] SHA-1 changes and certificate lifetimes
Geoff Keating
geoffk at apple.com
Fri Nov 15 17:51:37 MST 2013
On 13 Nov 2013, at 12:14 pm, Geoff Keating <geoffk at apple.com> wrote:
> (I'll check and see if I can find a single SHA-2 cert with an expiry past 2018)
Following up on this, the latest expiry for a SHA-2 cert I can find is 2018-12-5. That cert is a non-BR-compliant certificate issued by CyberTrust under the Common Policy CA, for firstid.idm.cybertrust.com (I actually found 4 certs with slightly different spellings of the domain name).
However, this is one of only 3 cases (6 certs) I could find where a SHA-2 cert was issued before 2013-1-1 and expires after 2017-1-1. Thus I believe we will be able to assume on 2017-1-1 that all SHA-2 certificates have been issued under some version of the baseline requirements.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20131115/6e00ed40/attachment.bin
More information about the Public
mailing list