[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Gervase Markham gerv at mozilla.org
Fri Feb 10 15:37:58 UTC 2017


On 10/02/17 15:31, Peter Bowen wrote:
> https://cabforum.org/pipermail/public/2017-February/009388.html has the
> EV stats (which are very complete due to Chrome’s CT requirement).
>  About 19.5% of EV certificates have a validity period of 12 months or less.

OK. So leaving aside DV for the moment, it seems clear that any
proposals to reduce issuance lifetimes short of a MUST are not going to
have any significant effect. This has been RECOMMENDED since the EV
standard was first written, and less than one in five EV certificates
follows that recommendation.

This is perfectly understandable, given market forces, but I hope it
will help some CAs understand why browsers feel that a mandatory maximum
is required rather than anything softer.

Gerv




More information about the Public mailing list