[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Ryan Sleevi sleevi at google.com
Wed Feb 1 21:16:34 UTC 2017


On Wed, Feb 1, 2017 at 1:01 PM, Dean Coclin <Dean_Coclin at symantec.com>
wrote:

> Is there some rationale for the 12/13 month selection? Why wasn’t
> 6/9/14/18 months considered? It appears a balance is being sought but it is
> unclear what parameters are being weighed in this decision process.
>

As mentioned at a number of F2Fs, we're happy to go shorter, but don't
consider anything longer than 13 months viable. It would be incredibly
difficult for any reasonable person to suggest that the convenience
benefits (if any) of 14/18 months outweigh the security benefits.

To date, no one in the Forum has proposed 6/9 months, so it didn't seem
necessary to introduce that conversation now, especially when CAs are
familiar enough with 12/13 month cycles. I'm sure as we see ACME progress
in IETF, that the diversity of automated issuance (whether SCEP, ACME, EST,
CMC, etc.) will have us revisiting that conversation and exploring a further
reduction, but it's not one that seems critical to have right now.
