[cabfpub] Age of Certificate Data
Doug Beattie
doug.beattie at globalsign.com
Thu Dec 3 05:35:13 MST 2015
I might have mentioned this before but ran across it again today. Prior to
RFC 3647 format conversion we had this:
11.3 Age of Certificate Data
Section 9.4 limits the validity period of Subscriber Certificates. The CA
MAY use the documents and data provided in Section 11 to verify certificate
information, provide that the CA obtained the data or document from a source
specified under Section 11 no more than thirty-nine (39) months prior to
issuing the Certificate.
But now we have this:
3.3 Identification and authentication for re-key requests
3.3.1 Identification and Authentication for Routine Re-key
Section 6.3.2 limits the validity period of Subscriber Certificates. The
CA MAY use the documents and data provided in Section 3.2 to verify
certificate information, provided that the CA obtained the data or document
from a source specified under Section 3.2 no more than thirty-nine (39)
months prior to issuing the Certificate.
The re-use of certificate data seems to be limited to routine Re-key
requests when before it could be used for any purpose. Can we find a new
heading section for this so it's clear we can use it for purposes other than
rekey? Maybe a new section, 3.5, for this purpose?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20151203/468d3de7/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4289 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20151203/468d3de7/attachment-0001.bin
More information about the Public
mailing list