[Servercert-wg] Voting is Starting on Ballot SC22: Reduce Certificate Lifetimes (v2)
Berge, J. van den (Jochem) - Logius
jochem.vanden.berge at logius.nl
Fri Sep 6 09:03:41 MST 2019
Logius PKIoverheid votes YES for ballot SC22.
Amongst others, the incident regarding (PKIoverheid) 64-bit serial numbers certificates earlier this year proved to us that (subscriber) agility, at least for our PKI ecosystem, is lacking. The current situation with a longer lifespan (be it 825 days or 3 years as before ballot 193) means that contact between TSPs/CAs and subscribers can be infrequent and has the effect that our subscribers are often unaware of the fact that they have/use a certificate and/or how to replace it.
Yearly renewal (or every 397 days) because of the shorter lifespan as proposed by ballot SC22 will increase awareness and agility with subscribers with the certificate application process (including timely revocation and/or replacement), while still being possible without automation (although that, of course, is a beneficial side-effect of this ballot).
Regardless of the outcome of ballot SC22, Logius PKIoverheid has already decided to limit the maximum validity of TLS certificates issued under the “Staat der Nederlanden” G2, G3 and EV root CAs to a maximum of 397 days, effective November 1, 2019.
Kind regards,
Jochem van den Berge CISSP
Logius PKIoverheid
Public Key Infrastructure for the Dutch government
Ministry of the Interior and Kingdom Relations (BZK)
Wilhelmina van Pruisenweg 52 | 2595 AN | The Hague
PO Box 96810 | 2509 JE | The Hague
jochem.vanden.berge at logius.nl<mailto:Jochem.vanden.berge at logius.nl>
Van: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> Namens Ryan Sleevi via Servercert-wg
Verzonden: woensdag 4 september 2019 04:25
Aan: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Onderwerp: Re: [Servercert-wg] Voting is Starting on Ballot SC22: Reduce Certificate Lifetimes (v2)
Google votes YES on Ballot SC22.
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190906/5b360b3c/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: "Tjung, P.J.S. (Joe-San)" <js.tjung at minvws.nl>
Subject: OoA v2.20 CIBG ter review
Date: Thu, 7 Sep 2017 12:53:38 +0000
Size: 1083795
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190906/5b360b3c/attachment-0001.mht>
More information about the Servercert-wg
mailing list