[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

Dean Coclin Dean_Coclin at symantec.com
Sat Feb 4 20:00:29 UTC 2017

For those following from outside the forum and without posting privileges, if you would like to comment, you are welcome to email: questions at cabforum.org<mailto:questions at cabforum.org> and someone will re-post add it to the public list discussion.


From: Peter Bowen [mailto:pzb at amzn.com]
Sent: Friday, February 3, 2017 8:34 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Dean Coclin <Dean_Coclin at symantec.com>
Subject: Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates

On Feb 1, 2017, at 1:01 PM, Dean Coclin via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:

I seem to recall some CAs reaching out to enterprise customers to get their opinions. I have to dig a little deeper to find that information but maybe someone on the list has that readily available.

It would be helpful for a wide range of users (enterprises, non-profits, educational institutions, partners, resellers, device manufacturers) to provide input into this discussion to help the community formulate opinions on this major change.


Clearly most users are not allowed to post to the CA/Browser Forum public list, so we may have to infer from data.  I just looked at the certificates for  each of the Alexa top 10,000 domains (found by trying to make a connection to www.<domain<http://www.%3cdomain>> or just the bare domain).  Some did not support HTTPS and some used private certs.  Of those using public certs, 56.3% used certs that were valid for 13 months or less. 6.7% used ones valid for 14 or 15 months, 18.3% used certs valid for 16-27 months, and only 18.7% used certs valid 28-39 months.

So a majority of popular sites already are using certs covered by the proposal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170204/445fb54d/attachment-0003.html>

More information about the Public mailing list