[cabfpub] Certificate lifetimes: end state or trajectory?

Richard Wang richard at wosign.com
Fri Mar 3 09:39:37 UTC 2017 

" lifetime was reduced to 27 months on 1st March 2018", this is the same timeline as Ballot 193.
And "13 months on 1st March 2019" that we have two years to prepare the change that I think it is enough.

This solution is good that meet the CAs and browsers' concern, and give the industry a clear roadmap.   


Best Regards,

Richard

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham via Public
Sent: Friday, March 3, 2017 5:15 PM
To: CABFPub <public at cabforum.org>
Cc: Gervase Markham <gerv at mozilla.org>
Subject: [cabfpub] Certificate lifetimes: end state or trajectory?

Following on from the discussion on the call, I think the Forum does need to come to a conclusion on whether we are aiming to reduce certificate lifetimes below 27 months in the next few years, or not.

I think it's fair to say that if the Forum passes a ballot on certificate lifetimes _without_ a roadmap to 13 months (such as the current ballot 193), then observers can reasonably assume that the Forum is unlikely to take further steps on reducing lifetimes in the next few years. Because if we were planning to do that, we would have set out our roadmap in the relevant ballot in order to give everyone maximum time to prepare.

According to Ryan's summary, the following members voted No on ballot
185 giving the reason that "13 months is unacceptably short":

CA: DigiCert, Entrust, Izenpe, Quo Vadis, Actalis, Symantec, Trustwave, CFCA, GDCA
Browser: Apple

It would be useful if those members could say whether 13 months would still be unacceptably short if the date for introduction of the 13 month requirement were something like 1st March 2019, 2 years from now.

If we can get consensus that this reduction is OK with a long enough lead time, that might lead us to a ballot where the max. lifetime was reduced to 27 months on 1st March 2018, and 13 months on 1st March 2019, meaning that by 1st May 2020, all unexpired certificates would be of lifetime 13 months or fewer.

If members feel that even with 2 years lead time, this reduction is still unacceptable, we should pass ballot 193 or something like it, thereby indicating to the world that we have no plans for further reductions in a CAB Forum context.

Gerv


_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public

More information about the Public mailing list