[cabfpub] Ballot 111 - Accelerate Max Certificate Lifetime Reduction Timetable

Rob Stradling rob.stradling at comodo.com
Thu Nov 28 15:35:19 MST 2013


On 28/11/13 22:21, Rob Stradling wrote:
> On 28/11/13 22:06, Gervase Markham wrote:
> <snip>
>> Would it help to allay this concern if Mozilla checked in code which
>> refused to recognise certs with a notBefore > 2014-04-01 and a notAfter
>>> 2017-01-01?
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=942515
>
> Hmmm...might that just encourage some CAs to "backdate" the notBefore
> date and carry on issuing 60-month certs beyond April 2014?
>
> IINM, there's no requirement for CAs to set notBefore to the issuance
> date, is there?

Interestingly, BRs Section 4 (Definitions) says:
"Validity Period: The period of time measured from the date when the 
Certificate is issued until the Expiry Date."

So backdating the notBefore doesn't even count towards the 60 month 
(soon 39 month) limitation!

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


More information about the Public mailing list