[cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates
Enric Castillo
enric.castillo at anf.es
Fri Feb 17 15:13:09 UTC 2017
ANF Autoridad de Certificación votes no.
Thanks,
El 13/02/2017 a las 14:18, Ryan Sleevi via Public escribió:
> Pursuant to the consensus on
> https://cabforum.org/pipermail/public/2017-February/009530.html about
> the nature of changes during the discussion period, and the request
> from Gervase on
> https://cabforum.org/pipermail/public/2017-February/009618.html to
> adjust what represents the Baseline agreement, this adjusts the
> effective date from 1 April to 24 August. While individual programs
> may choose to enact or enforce requirements prior to that, as the
> Baseline Requirements capture the effective point of common agreement
> of the bare minimum security levels, it seems appropriate that this
> Ballot accurately reflect that.
>
>
> Ballot 185 - Limiting the Lifetime of Certificates
>
> The following motion has been proposed by Ryan Sleevi of Google, Inc
> and endorsed by Josh Aas of ISRG and Gervase Markham of Mozilla to
> introduce new Final Maintenance Guidelines for the "Baseline
> Requirements Certificate Policy for the Issuance and Management of
> Publicly-Trusted Certificates" and the "Guidelines for the Issuance
> and Management of Extended Validation Certificates"
>
> -- MOTION BEGINS --
> Modify Section 6.3.2 of the "Baseline Requirements Certificate Policy
> for the Issuance and Management of Publicly-Trusted Certificates" as
> follows:
>
> Replace Section 6.3.2, which reads as follows:
> """
> 6.3.2. Certificate Operational Periods and Key Pair Usage Periods
>
> Subscriber Certificates issued after the Effective Date MUST have a
> Validity Period no greater than 60 months.
> Except as provided for below, Subscriber Certificates issued after 1
> April 2015 MUST have a Validity Period
> no greater than 39 months.
>
> Until 30 June 2016, CAs MAY continue to issue Subscriber Certificates
> with a Validity Period greater than 39
> months but not greater than 60 months provided that the CA documents
> that the Certificate is for a system or
> software that:
> (a) was in use prior to the Effective Date;
> (b) is currently in use by either the Applicant or a substantial
> number of Relying Parties;
> (c) fails to operate if the Validity Period is shorter than 60 months;
> (d) does not contain known security risks to Relying Parties; and
> (e) is difficult to patch or replace without substantial economic outlay
> """
>
> with the following text:
> """
> 6.3.2. Certificate Operational Periods and Key Pair Usage Periods
>
> Subscriber Certificates issued on or after 24 August 2017 MUST NOT
> have a Validity Period greater than three hundred and ninety-eight
> (398) days.
>
> Subscriber Certificates issued prior to 24 August 2017 MUST NOT have a
> Validity Period greater than thirty-nine (39) months.
> """
>
> Modify Section 9.4 of the "Guidelines for the Issuance and Management
> of Extended Validation Certificates" as follows:
>
> Replace Section 9.4, which reads as follows:
> """
> 9.4. Maximum Validity Period For EV Certificate
>
> The validity period for an EV Certificate SHALL NOT exceed twenty
> seven months. It is RECOMMENDED that EV
> Subscriber Certificates have a maximum validity period of twelve months.
> """
>
> with the following text:
> """"
> 9.4 Maximum Validity Period for EV Certificate
>
> EV Certificates issued on or after 24 August 2017 MUST NOT have a
> Validity Period greater than three hundred and ninety-eight (398) days.
>
> EV Certificates issued prior to 24 August 2017 MUST NOT have a
> Validity Period greater than twenty seven (27) months.
> """
> -- MOTION ENDS --
>
> Ballot 185 - Limiting the Lifetime of Certificates
> Status: Final Maintenance Guideline
>
> Review Period:
> Start Time: 2017-02-10 00:00:00 UTC
> End Time: 2017-02-17 00:00:00 UTC
>
> Vote for Approval:
> Start Time: 2017-02-17 00:00:00 UTC
> End Time: 2017-02-24 00:00:00 UTC
>
> Votes must be cast by posting an on-list reply to this thread on the
> Public Mail List.
>
> A vote in favor of the ballot must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting Member before the close of the voting
> period will be counted. Voting Members are listed here:
> https://cabforum.org/members/
>
> In order for the ballot to be adopted, two thirds or more of the votes
> cast by Members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor.
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
--
ANF AC - Autoridad de certificación *Enric Castillo *
/Gerente Región LATAM /
ANF Autoridad de Certificación
[Teléfono] +34 626818285 /(Celular)/
[Dirección] Gran Vía de Les Corts Catalanes 996, Barcelona
[Teléfono] +593 0 996483798 /(Celular)/
[Teléfono] +593 2 2550002
[Dirección] Av. 12 de Octubre N24-562 y Luis Cordero, Edif. World Trade
Center, Torre A, Piso 11, Ofi. 1102, Quito
[Dirección de Skype] castillo.enric
[Dirección de correo electrónico] enric.castillo at anf.es
[Dirección Web] www.anf.es
*AVISO*
Este mensaje se dirige exclusivamente a su destinatario y puede contener
información privilegiada o confidencial y/o datos de carácter personal,
cuya difusión está regulada por la Ley Orgánica de Protección de Datos y
la Ley de Servicios de la Sociedad de la Información. Si usted no es el
destinatario indicado (o el responsable de la entrega al mismo), no debe
copiar o entregar este mensaje a terceros bajo ningún concepto. Si ha
recibido este mensaje por error o lo ha conseguido por otros medios, le
rogamos que nos lo comunique inmediatamente por esta misma vía y proceda
a su eliminación irreversible. Las opiniones, conclusiones y demás
informaciones incluidas en este mensaje que no estén relacionadas con
asuntos profesionales de ANF Autoridad de Certificación no están
respaldadas por la empresa.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcpjnjfdbhmmdaeo.png
Type: image/png
Size: 4746 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0021.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bkhblocikjnbdoob.png
Type: image/png
Size: 3311 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0022.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bhkcdebdkdcmlpin.png
Type: image/png
Size: 1822 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0023.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: odbieeibibenppnp.png
Type: image/png
Size: 3873 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0024.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bfbndfhbbfemhhon.png
Type: image/png
Size: 3246 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0025.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: onjnjnbohgoldgid.png
Type: image/png
Size: 3712 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0026.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pnppfnmebhojladm.png
Type: image/png
Size: 21794 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0027.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3568 bytes
Desc: Firma criptogr??fica S/MIME
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170217/85f31c4b/attachment-0001.p7s>
More information about the Public
mailing list