[cabfpub] Ballot 111 - Accelerate Max Certificate Lifetime Reduction Timetable
rob.stradling at comodo.com
Thu Nov 28 22:35:19 UTC 2013
On 28/11/13 22:21, Rob Stradling wrote:
> On 28/11/13 22:06, Gervase Markham wrote:
>> Would it help to allay this concern if Mozilla checked in code which
>> refused to recognise certs with a notBefore > 2014-04-01 and a notAfter
> Hmmm...might that just encourage some CAs to "backdate" the notBefore
> date and carry on issuing 60-month certs beyond April 2014?
> IINM, there's no requirement for CAs to set notBefore to the issuance
> date, is there?
Interestingly, BRs Section 4 (Definitions) says:
"Validity Period: The period of time measured from the date when the
Certificate is issued until the Expiry Date."
So backdating the notBefore doesn't even count towards the 60 month
(soon 39 month) limitation!
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public