[cabfpub] Draft Ballot 185 (2) - Limiting the Lifetime of Certificates

Ryan Sleevi sleevi at google.com
Wed Feb 8 21:32:29 UTC 2017

On Wed, Feb 8, 2017 at 1:09 PM, Jeremy Rowley <jeremy.rowley at digicert.com>

> Hopefully there are a lot more relying parties than server operators
> (which is what the CA’s represent)! I know we’ve recently been polling our
> customers on their support to move to one year certs, and there isn’t quite
> the automation levels needed for us to support this ballot. We support the
> drive towards automation and have been helping customers build automated
> tools for provisioning and deployment, but the customers aren’t quite
> there.  Hence, May 2017 is far too aggressive of timeline to meet in moving
> towards 13 month certs. We do strongly support moving to shorter validity
> periods (for the reasons Ryan cited), but I think May is an unrealistic
> timeframe.

Jeremy, just to make sure I understand this argument: It appears you're
suggesting that 13 months is too onerous for human to do, and thus requires
automation, and thus requires more time to phase in. Is that a correct
understanding of your objection?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170208/d4f7a347/attachment-0003.html>

More information about the Public mailing list