[cabfpub] [cabfquest] Question about reissuance regulations

Jeremy Rowley jeremy.rowley at digicert.com
Mon Jan 5 22:28:06 UTC 2015

BRs say once every 39 months.  So does the Mozilla policy. 13 months is for EV.

From: Eddy Nigg [mailto:eddy_nigg at startcom.org]
Sent: Monday, January 5, 2015 3:24 PM
To: Jeremy Rowley
Subject: Re: [cabfquest] Question about reissuance regulations

On 01/05/2015 09:26 PM, Jeremy Rowley wrote:
Hi Davis,

There aren't requirements that a CA re-perform domain validation upon reissuance. Section 11.3 of the BRs permit a CA to reuse documentation for up to 39 months from the date it is collected.

If that's true it would be a serious flaw in the BR. Mustn't a domain be re-validated at least after max 13 month? Personally I would expect any reasonable CA to revalidate more frequently anyway.

Also the web trust audit has requirements for identifying certificate requests and its authorization, not sure where the BR stands on this (without reading the whole thing again).


Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150105/d726f29e/attachment-0003.html>

More information about the Public mailing list