[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input
doug.beattie at globalsign.com
Mon Feb 13 14:57:12 UTC 2017
Reposting with permission from SSL247.com
That would be my thoughts...
We believe that limiting certificates to 1 year validity would have a big impact on the industry that could lead to worse validation standards that we'd want to avoid.
We know that CA/B Forum members and the industry want a 100% HTTPS internet, and this is fine, but the consequences of such a big/tough move will be dramatic.
The question behind the scenes is not "Customer prefers X" as stated by Ryan Sleevi but "Customers will not be able to cope with Y", Y being 13 months validity on their certs. Probably fine for DV certificates that are delivered through automatic vetting processes but definitely not for OV and EV certs.
This will have a huge impact on vetting for OV and EV certificates, with massive cost increases for CAs (more vetting means more vetters, means big investments) and for the final customer who will have to go through vetting every year. This move will only benefit the DV market, which is definitely not the standard of SSL certificates we want to bring the market to, as the customers won't be able to cope with yearly audits/vettings. Time consumption is a real issue within organizations and they will not be able to bear vetting for OV and EV certificates once a year.
Finally, from an economic point of view, browsers are asking CAs and reliable parties to spend more on vetting and on infrastructure to increase issuance numbers, but also to dramatically reduce invoicing. Spending more and invoicing less is definitely not a viable economic equation, and a lot of smaller players that make the internet safer are going to disappear.
Ben Tack btack at ssl247.fr