[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Jeremy Rowley jeremy.rowley at digicert.com
Fri Feb 10 00:12:19 UTC 2017


No, I don’t think that meeting was fair signal to research how long the transition to one year certs would take. The aggressive proposal at the time was 27 months (which DigiCert proposed). At that time, we reviewed and asked customers about adopting 27 months, and found that it was achievable immediately. How would we have known that Google would try to accelerate that to 12 months instead? 

 

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Thursday, February 9, 2017 3:08 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

 

 

 

On Thu, Feb 9, 2017 at 2:01 PM, Jeremy Rowley <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com> > wrote:

That’s the question and the area where there’s insufficient data to respond. The ballot happened quickly enough that I doubt most of us have had time to evaluate with the customers how long of a transition period they would need.

 

I would highlight some of the points I made to Dean earlier, in https://cabforum.org/pipermail/public/2017-February/009540.html


"Do you believe the CAs who find themselves in such cases were making a good faith effort to participate in the CA/Browser Forum, knowing that discussions have been occurring for three years on this topic? Did such CAs simply assume that any possible attempt to change would be blocked? "

 

For example, do you believe that the discussion in https://cabforum.org/2015/06/24/2015-06-24-face-to-face-meeting-35-minutes/ was a fair signal to take the time to evaluate with customers how long of a transition period they would need? If not, how long should the CA/Browser Forum discuss something before CAs take concrete steps to collect feedback from their users, if 18 months is not sufficient time?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170210/9d23104b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170210/9d23104b/attachment-0001.p7s>


More information about the Public mailing list