[cabfpub] Certificate lifetimes: end state or trajectory?

García Jimeno, Oscar o-garcia at izenpe.eus
Fri Mar 3 11:43:02 UTC 2017


We agree that would be a good solution for everyone
Thanks

.eus GARA !
horregatik orain nire helbide elektronikoa da:
por eso mi dirección de correo electrónico ahora es:  o-garcia at izenpe.eus

Oscar García
CISSP, CISM




ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.



-----Mensaje original-----
De: Public [mailto:public-bounces at cabforum.org] En nombre de Gervase Markham via Public
Enviado el: viernes, 03 de marzo de 2017 10:15
Para: CABFPub
CC: Gervase Markham
Asunto: [cabfpub] Certificate lifetimes: end state or trajectory?

Following on from the discussion on the call, I think the Forum does need to come to a conclusion on whether we are aiming to reduce certificate lifetimes below 27 months in the next few years, or not.

I think it's fair to say that if the Forum passes a ballot on certificate lifetimes _without_ a roadmap to 13 months (such as the current ballot 193), then observers can reasonably assume that the Forum is unlikely to take further steps on reducing lifetimes in the next few years. Because if we were planning to do that, we would have set out our roadmap in the relevant ballot in order to give everyone maximum time to prepare.

According to Ryan's summary, the following members voted No on ballot
185 giving the reason that "13 months is unacceptably short":

CA: DigiCert, Entrust, Izenpe, Quo Vadis, Actalis, Symantec, Trustwave, CFCA, GDCA
Browser: Apple

It would be useful if those members could say whether 13 months would still be unacceptably short if the date for introduction of the 13 month requirement were something like 1st March 2019, 2 years from now.

If we can get consensus that this reduction is OK with a long enough lead time, that might lead us to a ballot where the max. lifetime was reduced to 27 months on 1st March 2018, and 13 months on 1st March 2019, meaning that by 1st May 2020, all unexpired certificates would be of lifetime 13 months or fewer.

If members feel that even with 2 years lead time, this reduction is still unacceptable, we should pass ballot 193 or something like it, thereby indicating to the world that we have no plans for further reductions in a CAB Forum context.

Gerv


_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public



More information about the Public mailing list