[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Peter Bowen pzb at amzn.com
Fri Feb 3 18:33:30 MST 2017


> On Feb 1, 2017, at 1:01 PM, Dean Coclin via Public <public at cabforum.org> wrote:
> 
> I seem to recall some CAs reaching out to enterprise customers to get their opinions. I have to dig a little deeper to find that information but maybe someone on the list has that readily available. 
>   
> It would be helpful for a wide range of users (enterprises, non-profits, educational institutions, partners, resellers, device manufacturers) to provide input into this discussion to help the community formulate opinions on this major change.

Dean,

Clearly most users are not allowed to post to the CA/Browser Forum public list, so we may have to infer from data.  I just looked at the certificates for  each of the Alexa top 10,000 domains (found by trying to make a connection to www.<domain> or just the bare domain).  Some did not support HTTPS and some used private certs.  Of those using public certs, 56.3% used certs that were valid for 13 months or less. 6.7% used ones valid for 14 or 15 months, 18.3% used certs valid for 16-27 months, and only 18.7% used certs valid 28-39 months.

So a majority of popular sites already are using certs covered by the proposal.

Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170203/221e5233/attachment.html>


More information about the Public mailing list