[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Thu Aug 8 01:18:59 UTC 2013 

I think you have it backward.  BR 9.4 outlawed issuance of new 10 year certs effective July 1, 2012.  BR 9.4 also outlawed new 60 month certificates effective April 1, 2015, except for special cases as listed.  After April 1, 2015, new certificates can only be issued for 39 months (except for the special cases where 60 new month certificates can be issued).  So the Forum’s approach in gradually shortening the permitted validity period over time was entirely logical.

And many of us in the Forum don’t think that a pre-BR certificate that is reissued for the remainder of the calendar validity period for a technical reason is a “new”  or post-BR certificate subject to the rules for new certificates.  That’s the basic difference in our point of view.  We don’t think CAs should be forced to breach their pre-BR customer agreements where there is no showing of an actual, significant security issue.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, August 07, 2013 1:12 AM
To: public at cabforum.org >> public at cabforum.org
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements


***

And since you are surprised about the logical expectation as we've discussed it extensively, why do you think the BR has a staged approach for long-living certificates - first to 60 month and then to 39 month? What could be the reason for it?

Regards



Signer:

Eddy Nigg, COO/CTO



StartCom Ltd.<http://www.startcom.org>

XMPP:

startcom at startcom.org<xmpp:startcom at startcom.org>

Blog:

Join the Revolution!<http://blog.startcom.org>

Twitter:

Follow Me<http://twitter.com/eddy_nigg>





<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130808/ce8df43f/attachment-0003.html>

More information about the Public mailing list