[cabfpub] New CT Policy for Chrome Published - May 2016

Ryan Sleevi sleevi at google.com
Wed May 4 13:51:16 MST 2016

This is to let everyone know that the May 2016 CT Policy is now published
link is

This update was discussed at
contains the details and justifications for the change, which we believe
should not negatively affect anyone that was complying with the existing

Specific for the CAs who may not be participating in the ct-policy list,
this hopefully clarifies what should be supported for DV/OV certificates.
The naming of the previous policy - though clearly designed to cover non-EV
certificates by virtue of the discussions of certificate lifetimes - lead
to some CAs being confused about what was expected for these other types.

This does not provide a timeline for when it will be required for DV/OV,
because as I've expressed in every meeting since we've begin deploying CT,
we are still proceeding slowly in order to allow CAs, log operators,
monitors, and browsers necessary time to gain experience with deploying and
interacting with CT in a meaningful and scalable way. However, that said,
we welcome any and all CAs to comply with this policy (precertificates in
particular) as a means of avoiding any potential issues or delays in
deploying CT for when that timeline is finalized and announced, and to the
benefit of your customers and the PKI ecosystem.

Note that there are clear benefits for your users and customers, even
absent a Chrome requirement, as evidenced by posts such as
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160504/faa8a477/attachment.html 

More information about the Public mailing list