[cabfpub] about EV period for Gov

Gervase Markham gerv at mozilla.org
Tue Nov 18 09:21:29 UTC 2014

On 18/11/14 06:45, Ryan Sleevi wrote:
> The limitations of date do not just apply to vetting information, but to
> providing an orderly and efficient window for making improvements and
> deprecating insecure practices.

I think this is the key point here. Certs have a limited life so that we
can make sure that all certs get security and process improvements in a
reasonable timeframe. As Ryan says, 3 years is still a long time and it
would be nice if it was shorter, but 5 years is way, way too long.

If the government were willing to say "OK, if you give us a 5-year
cert, we understand that you may tell us to revoke it and replace it at
any time and we are cool with that", that might be OK - but if that's
true, why can't they just have a 3-year cert?


