[cabfpub] Certificate lifetimes: end state or trajectory?

Gervase Markham gerv at mozilla.org
Wed Mar 15 15:36:21 UTC 2017


On 10/03/17 23:15, Ryan Sleevi via Public wrote:
> So now that we've had our lovely chat about revocation, can we go back
> to the substance of the question:

Yes; it would be great if, without disappearing down another
revocation-related rathole, we could get some sense of the answer to the
below:

>     It would be useful if those members could say whether 13 months would
>     still be unacceptably short if the date for introduction of the 13 month
>     requirement were something like 1st March 2019, 2 years from now.
>     If we can get consensus that this reduction is OK with a long enough
>     lead time, that might lead us to a ballot where the max. lifetime was
>     reduced to 27 months on 1st March 2018, and 13 months on 1st March 2019,
>     meaning that by 1st May 2020, all unexpired certificates would be of
>     lifetime 13 months or fewer.
>     If members feel that even with 2 years lead time, this reduction is
>     still unacceptable, we should pass ballot 193 or something like it,
>     thereby indicating to the world that we have no plans for further
>     reductions in a CAB Forum context.

Given the way they voted, I am particularly hoping for input from the
following: DigiCert, Entrust, Izenpe, Quo Vadis, Actalis, Symantec,
Trustwave, CFCA, GDCA and Apple.

Gerv



More information about the Public mailing list