[cabfpub] Age of certificate data
kirk_hall at trendmicro.com
kirk_hall at trendmicro.com
Thu Jul 30 11:28:45 MST 2015
I noticed that too, Doug. It was never discussed, and I think it was an error when the BRs were moved to a new format - the heading is wrong. We can fix that in the domain validation ballot the VWG is working on.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Doug Beattie
Sent: Thursday, July 30, 2015 10:13 AM
To: public at cabforum.org
Subject: [cabfpub] Age of certificate data
Before we changed the format of the BRs, we had this section
11.3 Age of Certificate Data
Section 9.4 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 11 to verify certificate information, provide that the CA obtained the data or document from a source specified under Section 11 no more than thirty-nine (39) months prior to issuing the Certificate.
Now we have this:
3.3.1 Identification and Authentication for Routine Re-key
Section 6.3.2 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 3.2 to verify certificate information, provided that the CA obtained the data or document from a source specified under Section 3.2 no more than thirty-nine (39) months prior to issuing the Certificate.
It appears that you can only re-use Certificate Data in support of Routine Re-key requests now, is that true? I could imagine some CAs wanting to validate a domain once and let the enterprise re-use that data for the time specified in support of issuing new certificates.
<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150730/35a26c92/attachment.html
More information about the Public
mailing list