[cabfpub] Age of certificate data
Doug Beattie
doug.beattie at globalsign.com
Thu Jul 30 17:12:55 UTC 2015
Before we changed the format of the BRs, we had this section
11.3 Age of Certificate Data
Section 9.4 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 11 to verify certificate information, provide that the CA obtained the data or document from a source specified under Section 11 no more than thirty-nine (39) months prior to issuing the Certificate.
Now we have this:
3.3.1 Identification and Authentication for Routine Re-key
Section 6.3.2 limits the validity period of Subscriber Certificates. The CA MAY use the documents and data provided in Section 3.2 to verify certificate information, provided that the CA obtained the data or document from a source specified under Section 3.2 no more than thirty-nine (39) months prior to issuing the Certificate.
It appears that you can only re-use Certificate Data in support of Routine Re-key requests now, is that true? I could imagine some CAs wanting to validate a domain once and let the enterprise re-use that data for the time specified in support of issuing new certificates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150730/d99f4d43/attachment-0002.html>
More information about the Public
mailing list