[cabfpub] Lifecycle of EV certs

Jeremy Rowley jeremy.rowley at digicert.com
Thu Mar 19 23:18:47 UTC 2015

Yeah - I'm not sure where the security risk is, especially if revalidation was required the same as now (even at 24 months).  Is it because you feel strongly that customers should have to submit a CSR? Because people also reuse CSRs.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg
Sent: Thursday, March 19, 2015 5:00 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Lifecycle of EV certs

On 03/20/2015 12:50 AM, Ryan Sleevi wrote:
Indeed, I'd argue that the current EV lifetime is one of the few things where EV is a security improvement over DV/OV and thus potentially deserving of it's special UI status.

Can you explain what the security risks would be as you perceive it, if the lifetime would be increased to three years in particular for EV?

(Btw. I find the 27 and 39 month rather stupid, nothing prevents from re-validating and issuing a certificate after 24/36 month. It's just adding another 3 month to something that can done exactly the same after two/three full years.)


Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150319/41c91590/attachment-0003.html>

More information about the Public mailing list