[cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates

Enric Castillo enric.castillo at anf.es
Fri Feb 17 15:13:09 UTC 2017


ANF Autoridad de Certificación votes no.


Thanks,


El 13/02/2017 a las 14:18, Ryan Sleevi via Public escribió:
> Pursuant to the consensus on 
> https://cabforum.org/pipermail/public/2017-February/009530.html about 
> the nature of changes during the discussion period, and the request 
> from Gervase on 
> https://cabforum.org/pipermail/public/2017-February/009618.html to 
> adjust what represents the Baseline agreement, this adjusts the 
> effective date from 1 April to 24 August. While individual programs 
> may choose to enact or enforce requirements prior to that, as the 
> Baseline Requirements capture the effective point of common agreement 
> of the bare minimum security levels, it seems appropriate that this 
> Ballot accurately reflect that.
>
>
> Ballot 185 - Limiting the Lifetime of Certificates
>
> The following motion has been proposed by Ryan Sleevi of Google, Inc 
> and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to 
> introduce new Final Maintenance Guidelines for the "Baseline 
> Requirements Certificate Policy for the Issuance and Management of 
> Publicly-Trusted Certificates" and the "Guidelines for the Issuance 
> and Management of Extended Validation Certificates"
>
> -- MOTION BEGINS --
> Modify Section 6.3.2 of the "Baseline Requirements Certificate Policy 
> for the Issuance and Management of Publicly-Trusted Certificates" as 
> follows:
>
> Replace Section 6.3.2, which reads as follows:
> """
> 6.3.2. Certificate Operational Periods and Key Pair Usage Periods
>
> Subscriber Certificates issued after the Effective Date MUST have a 
> Validity Period no greater than 60 months.
> Except as provided for below, Subscriber Certificates issued after 1 
> April 2015 MUST have a Validity Period
> no greater than 39 months.
>
> Until 30 June 2016, CAs MAY continue to issue Subscriber Certificates 
> with a Validity Period greater than 39
> months but not greater than 60 months provided that the CA documents 
> that the Certificate is for a system or
> software that:
> (a) was in use prior to the Effective Date;
> (b) is currently in use by either the Applicant or a substantial 
> number of Relying Parties;
> (c) fails to operate if the Validity Period is shorter than 60 months;
> (d) does not contain known security risks to Relying Parties; and
> (e) is difficult to patch or replace without substantial economic outlay
> """
>
> with the following text:
> """
> 6.3.2. Certificate Operational Periods and Key Pair Usage Periods
>
> Subscriber Certificates issued on or after 24 August 2017 MUST NOT 
> have a Validity Period greater than three hundred and ninety-eight 
> (398) days.
>
> Subscriber Certificates issued prior to 24 August 2017 MUST NOT have a 
> Validity Period greater than thirty-nine (39) months.
> """
>
> Modify Section 9.4 of the "Guidelines for the Issuance and Management 
> of Extended Validation Certificates" as follows:
>
> Replace Section 9.4, which reads as follows:
> """
> 9.4. Maximum Validity Period For EV Certificate
>
> The validity period for an EV Certificate SHALL NOT exceed twenty 
> seven months. It is RECOMMENDED that EV
> Subscriber Certificates have a maximum validity period of twelve months.
> """
>
> with the following text:
> """"
> 9.4 Maximum Validity Period for EV Certificate
>
> EV Certificates issued on or after 24 August 2017 MUST NOT have a 
> Validity Period greater than three hundred and ninety-eight (398) days.
>
> EV Certificates issued prior to 24 August 2017 MUST NOT have a 
> Validity Period greater than twenty seven (27) months.
> """
> -- MOTION ENDS --
>
> Ballot 185 - Limiting the Lifetime of Certificates
> Status: Final Maintenance Guideline
>
> Review Period:
> Start Time: 2017-02-10 00:00:00 UTC
> End Time: 2017-02-17 00:00:00 UTC
>
> Vote for Approval:
> Start Time: 2017-02-17 00:00:00 UTC
> End Time: 2017-02-24 00:00:00 UTC
>
> Votes must be cast by posting an on-list reply to this thread on the 
> Public Mail List.
>
> A vote in favor of the ballot must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting Member before the close of the voting 
> period will be counted. Voting Members are listed here: 
> https://cabforum.org/members/
>
> In order for the ballot to be adopted, two thirds or more of the votes 
> cast by Members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor.
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-- 
ANF AC - Autoridad de certificación 	*Enric Castillo *
/Gerente Región LATAM /
ANF Autoridad de Certificación
[Teléfono] +34 626818285 /(Celular)/
[Dirección] Gran Vía de Les Corts Catalanes 996, Barcelona
[Teléfono] +593 0 996483798 /(Celular)/
[Teléfono] +593 2 2550002
[Dirección] Av. 12 de Octubre N24-562 y Luis Cordero, Edif. World Trade 
Center, Torre A, Piso 11, Ofi. 1102, Quito
[Dirección de Skype] castillo.enric
[Dirección de correo electrónico] enric.castillo at anf.es
[Dirección Web] www.anf.es

	

*AVISO*
Este mensaje se dirige exclusivamente a su destinatario y puede contener 
información privilegiada o confidencial y/o datos de carácter personal, 
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y 
la Ley de Servicios de la Sociedad de la Información. Si usted no es el 
destinatario indicado (o el responsable de la entrega al mismo), no debe 
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha 
recibido este mensaje por error o lo ha conseguido por otros medios, le 
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda 
a su eliminación irreversible. Las opiniones, conclusiones y demás 
informaciones incluidas en este mensaje que no estén relacionadas con 
asuntos profesionales de ANF Autoridad de Certificación no están 
respaldadas por la empresa.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcpjnjfdbhmmdaeo.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0021.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bkhblocikjnbdoob.png
Type: image/png
Size: 3311 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0022.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bhkcdebdkdcmlpin.png
Type: image/png
Size: 1822 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0023.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: odbieeibibenppnp.png
Type: image/png
Size: 3873 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0024.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bfbndfhbbfemhhon.png
Type: image/png
Size: 3246 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0025.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: onjnjnbohgoldgid.png
Type: image/png
Size: 3712 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0026.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pnppfnmebhojladm.png
Type: image/png
Size: 21794 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0027.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3568 bytes
Desc: Firma criptogr??fica S/MIME
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0001.p7s>


More information about the Public mailing list