[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates
sleevi at google.com
Tue Feb 21 20:18:10 UTC 2017
Can you share whether or not that was the case for AT&T?
On Tue, Feb 21, 2017 at 11:43 AM, Peter Bowen <pzb at amzn.com> wrote:
> Many organizations have policies to not re-use keys between certificates.
> Dropping the validity period therefore effectively drops the key usage
> On Feb 21, 2017, at 10:54 AM, Ryan Sleevi via Public <public at cabforum.org>
> This doesn't seem particularly relevant - I haven't heard any suggestion
> that this is about ensuring frequent key rotation, as opposed to all the
> other policies and practices being attested to in conjunction with the keys.
> On Tue, Feb 21, 2017 at 10:52 AM, Dean Coclin via Public <
> public at cabforum.org> wrote:
>> Posting on behalf of AT&T:
>> AT&T typically looks to NIST for guidance and reference on industry
>> standards, see page 45 of the attached (NIST SP800-57-Pt1R4) document.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public