[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Thu Feb 9 21:10:17 MST 2017 

This would be only website certificates, and only leaves.

On Thu, Feb 9, 2017 at 4:21 PM, Jody Cloutier <jodycl at microsoft.com> wrote:

> 12 months seems to short, especially if we aren’t somehow limiting the
> scope of the proposal to website authentication only. I would recommend
> that we reconsider what Digicert proposed in the past.
>
>
>
> *From:* Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Jeremy
> Rowley via Public
> *Sent:* Thursday, February 9, 2017 4:12 PM
> *To:* Ryan Sleevi <sleevi at google.com>
> *Cc:* Jeremy Rowley <jeremy.rowley at digicert.com>; CA/Browser Forum Public
> Discussion List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of
> Certificates: User input
>
>
>
> No, I don’t think that meeting was fair signal to research how long the
> transition to one year certs would take. The aggressive proposal at the
> time was 27 months (which DigiCert proposed). At that time, we reviewed and
> asked customers about adopting 27 months, and found that it was achievable
> immediately. How would we have known that Google would try to accelerate
> that to 12 months instead?
>
>
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com <sleevi at google.com>]
> *Sent:* Thursday, February 9, 2017 3:08 PM
> *To:* Jeremy Rowley <jeremy.rowley at digicert.com>
> *Cc:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of
> Certificates: User input
>
>
>
>
>
>
>
> On Thu, Feb 9, 2017 at 2:01 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
> wrote:
>
> That’s the question and the area where there’s insufficient data to
> respond. The ballot happened quickly enough that I doubt most of us have
> had time to evaluate with the customers how long of a transition period
> they would need.
>
>
>
> I would highlight some of the points I made to Dean earlier, in
> https://cabforum.org/pipermail/public/2017-February/009540.html
>
>
> "Do you believe the CAs who find themselves in such cases were making a
> good faith effort to participate in the CA/Browser Forum, knowing that
> discussions have been occurring for three years on this topic? Did such CAs
> simply assume that any possible attempt to change would be blocked? "
>
>
>
> For example, do you believe that the discussion in
> https://cabforum.org/2015/06/24/2015-06-24-face-to-face-
> meeting-35-minutes/ was a fair signal to take the time to evaluate with
> customers how long of a transition period they would need? If not, how long
> should the CA/Browser Forum discuss something before CAs take concrete
> steps to collect feedback from their users, if 18 months is not sufficient
> time?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170209/e24add0e/attachment.html>

More information about the Public mailing list