[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Peter Bowen pzb at amzn.com
Fri Feb 10 15:31:29 UTC 2017


> On Feb 10, 2017, at 1:08 AM, Gervase Markham via Public <public at cabforum.org> wrote:
> 
> On 09/02/17 21:08, Ryan Sleevi via Public wrote:
>> The validity period for an EV Certificate SHALL NOT exceed twenty seven
>> months. It is RECOMMENDED that EV
>> Subscriber Certificates have a maximum validity period of twelve months.
> 
> What I'm quoting here is the current EV guidelines wording. Does anyone
> have stats on what percentage of EV certificates follow that RECOMMENDED
> recommendation, and how that compares with DV?

https://cabforum.org/pipermail/public/2017-February/009388.html <https://cabforum.org/pipermail/public/2017-February/009388.html> has the EV stats (which are very complete due to Chrome’s CT requirement).  About 19.5% of EV certificates have a validity period of 12 months or less.

I don’t have DV data.  It will obviously be heavily skewed by one issuer that has more than twenty million unexpired DV certificates.  That one CA accounts for more than 56% of _all_ known unexpired certificates (DV/OV/EV combined).  A second issuer accounts for more than 13% of all certificates.  Together they have 69.9%.  It is known that both these issuers do offer any options for certificate duration and do not charge for certificates, which means they tend to skew the data.

Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170210/cd9314e1/attachment-0003.html>


More information about the Public mailing list