[cabfpub] [cabfquest] Question about reissuance regulations
Jeremy Rowley
jeremy.rowley at digicert.com
Mon Jan 5 15:28:06 MST 2015
BRs say once every 39 months. So does the Mozilla policy. 13 months is for EV.
From: Eddy Nigg [mailto:eddy_nigg at startcom.org]
Sent: Monday, January 5, 2015 3:24 PM
To: Jeremy Rowley
Cc: CABFPub
Subject: Re: [cabfquest] Question about reissuance regulations
On 01/05/2015 09:26 PM, Jeremy Rowley wrote:
Hi Davis,
There aren't requirements that a CA re-perform domain validation upon reissuance. Section 11.3 of the BRs permit a CA to reuse documentation for up to 39 months from the date it is collected.
If that's true it would be a serious flaw in the BR. Mustn't a domain be re-validated at least after max 13 month? Personally I would expect any reasonable CA to revalidate more frequently anyway.
Also the web trust audit has requirements for identifying certificate requests and its authorization, not sure where the BR stands on this (without reading the whole thing again).
--
Regards
Signer:
Eddy Nigg, COO/CTO
StartCom Ltd.<http://www.startcom.org>
XMPP:
startcom at startcom.org<xmpp:startcom at startcom.org>
Blog:
Join the Revolution!<http://blog.startcom.org>
Twitter:
Follow Me<http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150105/d726f29e/attachment.html
More information about the Public
mailing list