[cabfpub] Sunset for exceptions?

Jeremy Rowley jeremy.rowley at digicert.com
Tue Jan 19 23:25:48 UTC 2016

I’m happy to make the motion or endorse removal of these exceptions. 


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Tuesday, January 19, 2016 4:09 PM
To: Ryan Sleevi
Subject: Re: [cabfpub] Sunset for exceptions?


On Jan 19, 2016, at 2:57 PM, Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> > wrote:

On Tue, Jan 19, 2016 at 11:27 AM, Peter Bowen <pzb at amzn.com <mailto:pzb at amzn.com> > wrote:

The BRs contain at least two allowances for “legacy” certificate issuance:

6.1.7 (5) allows direct issuance of subscriber certificates from a root CA

6.3.2 allows certificates with validity periods longer than 39 months

Are these still needed?  Are CAs relying upon these exceptions?  If not, does it make sense to ballot to remove these from the BRs?


Peter, I'd be happy to support a ballot if you want to propose one. That tends to be the only way to get timely responses - the discussion period of the ballot. 


As an Associate Member, I cannot propose ballots.  Only those who have a full period-of-time audit can propose ballots.  Or at least that is my read of the bylaws.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160119/71c9dc71/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160119/71c9dc71/attachment-0001.p7s>

More information about the Public mailing list