[cabfpub] Restrict certificate lifetime to domain registration period (if certificate expiry date is greater than domain registration)

James Burton james at sirburton.com
Fri Jan 12 12:54:01 UTC 2018


CAs could introduce a monthly certificate pricing with a minimal start term
of 3 months and you only pay for the months you need.

On Fri, Jan 12, 2018 at 12:36 PM, Matthias Merkel <moritz30 at moritz30.de>
wrote:

> One thing you should consider though is that a lot of people only renew
> their domains when they are due but may want to keep them for longer. Maybe
> CAs should provide free renewal up to the paid certificate lifetime when
> the domain is renewed.
>
>
> ---- On Fr, 12 Jan 2018 12:33:48 +0100 * public at cabforum.org
> <public at cabforum.org> * wrote ----
>
> I will compile a spreadsheet of whois availability of all TLDs listed
> here: https://www.iana.org/domains/root/db and get back to you with the
> results.
>
>
> On Fri, Jan 12, 2018 at 8:05 AM, Ryan Sleevi <sleevi at google.com> wrote:
>
>
>
> On Thu, Jan 11, 2018 at 7:52 PM, James Burton <james at sirburton.com> wrote:
>
> *The Baseline Requirements, Section 4.9.1.1, requires that the CA revoke
> if:*
> *6. The CA is made aware of any circumstance indicating that use of a
> Fully-Qualified Domain Name or IP*
> *address in the Certificate is no longer legally permitted (e.g. a court
> or arbitrator has revoked a Domain Name*
> *Registrant’s right to use the Domain Name, a relevant licensing or
> services agreement between the Domain*
> *Name Registrant and the Applicant has terminated, or the Domain Name
> Registrant has failed to renew the*
> *Domain Name); *
>
> It would be great if one or more of the CAs here could provide me with
> some yearly statistics of certificates revoked due to these circumstances
> listed above.
>
> *In order to do something as you propose, it must be possible to determine
> the domain registration period. How do you propose to do that consistently
> for all domains? (It's not actually available consistently).*
>
> All registries must provide a whois/status service, so determining the
> domain registration period is as simple as hot knife going through butter.
>
>
> While true for ICANN-contracted TLDs, there are TLDs beyond those - such
> as ccTLDs. That's what I was referring to, as it was recently discussed in
> the Forum regarding 3.2.2.4.1 methods of validation, and is (as some
> members noted), part of why 3.2.2.4.1 exists.
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180112/f08f11d9/attachment-0003.html>


More information about the Public mailing list