[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Gervase Markham gerv at mozilla.org
Sat Feb 11 17:49:05 UTC 2017


On 09/02/17 21:08, Ryan Sleevi via Public wrote:
> Ballot 185 - Limiting the Lifetime of Certificates
> 
> The following motion has been proposed by Ryan Sleevi of Google, Inc and
> endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to introduce

Having endorsed this, I confess I was thinking more about the maximum
certificate lifetime (which I do support as a target we need to get to,
and soon) than about the lead time - which, by the time this ballot
passes, will be about 2 months and a week. Given the level of ongoing
engagement with the question, having agreed to endorse I was also a
little surprised to see us enter the formal discussion period so soon.

In one sense, the argument that "this is just a change of a number in
some certificate profiles" is right. In another sense, I accept that it
does take time to adjust customer expectations, even if the different
action required by said customer may be a year or more in the future.
While it might be argued CAs should have asked their customers about the
potential impact of this change after previous discussions, it's not
reasonable to suggest that they should have been preparing them for its
enactment before any ballot was passed.

There are some ways a lifetime ballot might be constructed to ease this
difficulty, some of which even keep a May date for this first step, but
they are not in the realm of the sort of minor adjustment historically
permitted to ballots during the formal discussion period.

I therefore request that the applicability date in this ballot be
changed from 1st May 2017 to, at the earliest, 24th August 2017, 6
months after the ballot voting end date. 6 months has been floated
before as a reasonable lead time for high-impact changes, so I hope this
will remove that point of objection even for those who feel this change
is high-impact.

As the voting period begins on Thu/Fri next week, I hope we can apply
this change soon, and continue from there with a process of thoughtful
listening and discussion on that basis.

Gerv


