[cabfpub] Short-Lived Certificate Draft Ballot

Ryan Sleevi sleevi at google.com
Thu Oct 8 18:51:13 UTC 2015


On Thu, Oct 8, 2015 at 8:19 AM, Rob Stradling <rob.stradling at comodo.com>
wrote:

>
> So I propose this definition...
>
>    "Issuance Time: The time at which a Certificate's digital signature
>     is calculated."
>

Seems reasonable. Glad to not be the only one who quibbles on minutiae ;)


> > _Short-Lived Certificate: A Certificate with a total validity period
> > less than 96 hours and a notBefore time no earlier than 24 hours before
> > the Issuance Time and a notAfter time no later than 72 hours after the
> > Issuance Time._
>
> "total" seems redundant.
>

Fair point

> Also, "Validity Period" is already a Defined Term.  It would make sense
> to use it!  The current definition...
>    "Validity Period: The period of time measured from the date when the
>     Certificate is issued until the Expiry Date."
> ...seems wrong though.  Shouldn't it be the period of time between
> notBefore and notAfter?
>

It seems the whole "total validity period less than 96 hours" is itself not
a normative requirement, but merely serves as a descriptive language to
make it easier to understand the following two clauses (re: 24 hours and 72
hours). You can't have a cert whose Validity Period is greater than 96
hours that meets those two definitions, so it's not necessary, but it does
serve an illustrative point.

That's me saying that it doesn't seem that your second proposed change is
necessary, and Tim's point about why the current language is what it is is
something I'd agree with.