[cabfpub] Deprecating support for long-lived certificates
Kathleen Wilson
kwilson at mozilla.com
Thu Aug 29 00:23:29 UTC 2013
On 8/28/13 8:05 AM, Rob Stradling wrote:
> On 26/08/13 21:56, Kathleen Wilson wrote:
>> Rick,
>>
>> I believe you are referring to this:
>> https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Baseline_Requirements
>> "As of February 2013, SSL certificate issuance must also be audited
>> according to the Baseline Requirements (BRs), as described above. The
>> first BR audit for each CA and subCA may include a reasonable list of
>> BRs that the CA (or subCA) is not yet in compliance with. The second BR
>> audit (the following year) is expected to confirm that the issues that
>> were listed in the previous BR audit have been resolved.
>> All other dates are as specified by the CA/Browser Forum."
>>
>> The intent was to recognize that there may be some situations in which a
>> CA may not be able to comply with particular BRs in time for their first
>> BR audit, and to allow a way for the CA to move towards full compliance
>> while still being audited according to the BRs this year.
>>
>> The "effective dates" remain as stated by the CA/Browser Forum.
>
> Kathleen, the BRs also say:
> "The Requirements are not mandatory for Certification Authorities
> unless and until they become adopted and enforced by relying–party
> Application Software Suppliers."
>
> IINM, the first Application Software Supplier to adopt/enforce the BRs
> was Mozilla, and the date you did that was significantly later than
> the "Effective Date".
>
So, based on your reasoning, the "Effective Date" would be January 10, 2013?
https://wiki.mozilla.org/CA:Communications#January_10.2C_2013
Or February 14, 2013?
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy
Kathleen
More information about the Public
mailing list