[cabfpub] Ballot proposal for Issuance Date
Gervase Markham
gerv at mozilla.org
Fri Sep 23 08:55:11 UTC 2016
On 23/09/16 00:02, Peter Bowen wrote:
> Definitions:
> (new) Issuance Date: The latest of the notBefore value of a certificate and the time value of any cryptographically signed timestamps included in a certificate
This is a clever definition because if you just have a notBefore, the
Issuance Date is the notBefore, but if you need to fiddle the notBefore
for compatibility reasons, you can do so by including any form of
cryptographically signed timestamp - which can be an SCT or anything
else you choose.
We could just require CT for such certs, but this definition gives more
flexibility. However, when CT is used everywhere, the definition still
works without modification.
So I like it :-)
Gerv
More information about the Public
mailing list