[cabfpub] Ballot proposal for Issuance Date

Jeremy Rowley jeremy.rowley at digicert.com
Thu Sep 22 23:14:53 UTC 2016


Last time this came up, I proposed that instead of overwriting RFC 5280's
meaning of the notBefore date, we should include an issuanceTime field that
indicates the time of certificate issuance.  That way we avoid conflict with
the RFCs and have more flexibility with notBefore to address possible clock
skew issues. I still support an issuanceTime field over creating a
conflicting definition with the RFC.


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Peter Bowen
Sent: Thursday, September 22, 2016 5:02 PM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] Ballot proposal for Issuance Date

I would like to propose a change to cover a current gap in the BRs.  Right
now there is no clear link from content in the certificate to the date of
issuance of the certificate.  I would propose the following change to the
BR.  Note that this intentionally only covers Subscriber (End-entity)
certificates, not CA certificates.

What do others think?

Definitions:
(new) Issuance Date: The latest of the notBefore value of a certificate and
the time value of any cryptographically signed timestamps included in a
certificate

(modified) Validity Period: The period of time measured from the Issuance
Date of a Certificate until the Expiry Date of a Certificate.

(new) 7.1.2.3(g) Issuance Date
The Issuance Date of the certificate must be no more than 24 hours from
(either before or after) the date when the CA signed the certificate.

Thanks,
Peter
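The proposed definitions above, worked through as an added example (not part of either message and not CA/Browser Forum text): it computes the Issuance Date and checks the 24-hour window of the proposed 7.1.2.3(g) for constructed sample times. It assumes the signed timestamps are SCTs with RFC 6962 millisecond timestamps and that the signing time comes from the CA's own records; all function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
MAX_OFFSET = timedelta(hours=24)  # window in proposed 7.1.2.3(g)


def sct_time(ms_since_epoch):
    """RFC 6962 SCT timestamps are milliseconds since the Unix epoch."""
    return EPOCH + timedelta(milliseconds=ms_since_epoch)


def issuance_date(not_before, signed_timestamps=()):
    """Proposed definition: the latest of notBefore and any signed timestamp."""
    return max([not_before, *signed_timestamps])


def check(not_before, not_after, signed_at, signed_timestamps=()):
    """Apply the proposed definitions to one end-entity certificate.

    signed_at is the CA's own record of signing time (assumption: it is
    not carried in the certificate, so it comes from CA logs).
    """
    issued = issuance_date(not_before, signed_timestamps)
    offset = issued - signed_at
    return {
        "issuance_date": issued,
        "validity_period": not_after - issued,
        "offset": offset,
        "compliant": abs(offset) <= MAX_OFFSET,
    }


def demo():
    """Constructed sample times, not taken from any real certificate."""
    signed_at = datetime(2016, 9, 22, 12, 0, 0, tzinfo=UTC)
    not_after = datetime(2017, 9, 22, 12, 0, 0, tzinfo=UTC)
    backdated = signed_at - timedelta(hours=48)   # notBefore set 48 h early
    sct = sct_time(1474545602000)                 # 2016-09-22 12:00:02 UTC
    return {
        "backdated_no_timestamp": check(backdated, not_after, signed_at),
        "backdated_with_sct": check(backdated, not_after, signed_at, [sct]),
        "one_hour_skew": check(signed_at - timedelta(hours=1), not_after, signed_at),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["issuance_date"].isoformat(), result["compliant"])
```

With only a backdated notBefore, the Issuance Date is the notBefore value and falls outside the window; with an SCT created at signing time, the Issuance Date becomes the SCT timestamp and the Validity Period is measured from it.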