[cabfpub] Voting has started on Ballot 193 - 825-day Certificate Lifetimes

Ryan Sleevi sleevi at google.com
Fri Mar 17 17:58:45 UTC 2017


Google votes YES.

We are supportive of efforts to reduce the validity period of certificates
during issuance, in order to help address the high security and
compatibility risk of long lived certs.

Despite this YES vote, we concur with the opinions expressed by Amazon and
ISRG that this Ballot only represents a stepping stone for improvement. We
do not believe this sufficiently addresses the security concerns of users
or the ecosystem challenges for site operators, even though it is strictly
an improvement over the status-quo.

Similar to Mozilla's position, we are concerned the Forum has failed to
decide if this is a stepping stone for further reductions, and deeply
concerned that Forum membership has generally not been willing to respond
to questions, or allow time for discussion. This Ballot thus poses an
unnecessary and entirely avoidable risk to the ecosystem by not providing a
sufficient roadmap for site operators or CAs to plan and implement further
changes, as raised during the discussion of Ballot 185 by CAs.

We believe that it is necessary to provide guidance on any further
reduction of acceptable validity periods as quickly as possible following
the adoption of this Ballot, so that site operators and CAs can
appropriately plan. In order to address the security needs of our users and
the stability needs of site operators, we look forward to providing such
guidance following this Ballot's adoption.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170317/7f34e21c/attachment-0003.html>


More information about the Public mailing list