[cabfpub] about EV period for Gov

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Tue Nov 18 17:23:12 MST 2014


Another way to look at Richard’s proposal and harmonize it with Ryan’s concerns is to separate EV vetting from maximum EV certificate life.  We could allow a CA to rely on a completed EV vetting (for governments or for all customers) for up to 39 months for a customer, but then only issue 12 or 13 month EV certs based on that vetting (for a 39 month period) so the technological changes can be made more quickly.

I’m not taking a position either way, but there are more possibilities if vetting cycles are not necessarily linked to maximum certificate lifespan.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Monday, November 17, 2014 10:46 PM
To: Richard at WoSign
Cc: Dean Coclin (Dean_Coclin at symantec.com); CABFPub
Subject: Re: [cabfpub] about EV period for Gov


On Nov 17, 2014 8:40 PM, "Richard Wang" <richard at wosign.com<mailto:richard at wosign.com>> wrote:
>
> Hi all,
>
>
>
> We plan to issue EV SSL certificate to government website to prevent spoof site that there is a big problem in China.
>
>
>
> But the problem we faced is the too short period that they like to buy 5 years cert. Sure, I know it is not allowed even in OV SSL.  Could we move EV re-vetting for governments to 39 months (3 years + 3 months) because they are “permanent” and the information doesn’t change very often? This rule can be for .gov.cn<http://gov.cn> domain only in China, for .gov in USA etc.
>

No.

The limitations of date do not just apply to vetting information, but to providing an orderly and efficient window for making improvements and deprecating insecure practices.

The Forum's BRs will soon see certs limited to 39 months, and this truly represents a generous upper bound. I think an ideal frame would be 15, not 39, months, but 60 is certainly far too long.

>
>
> I checked many USA government sites are using EV SSL like CIA and UK Companies House.
>
>
>
>
>
>
>
> Best Regards,
>
>
>
> Richard Wang
>
>
> WoSign CA Limited
>
> www.wosign.com<http://www.wosign.com><http://www.wosign.com/>
>
> Tel: +86-755-2602-7858
>
>
> ---------------------------------------
> This email is confidential and may be privileged. It may be read, copied and used only by the intended recipient. If you have received it in error, please contact the sender immediately by return email. Please then delete the email and do not disclose its contents to any person. Thank you.
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org<mailto:Public at cabforum.org>
> https://cabforum.org/mailman/listinfo/public
>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141119/3ed9b7ad/attachment-0001.html 


More information about the Public mailing list