[cabfpub] Ballot 185 - Limiting the Lifetime of Certificates

Ryan Sleevi sleevi at google.com
Mon Feb 13 19:03:07 UTC 2017

On Sat, Feb 11, 2017 at 4:13 PM, Kirk Hall via Public <public at cabforum.org>

> I don't know that, Peter -- I'll let the others who negotiate those
> matters with partners and customers offer their opinions.  But I know it's
> more than 2 months!

How, though? That doesn't seem to be useful or actionable feedback - it
just seems another form of "I know it's not this, but I don't know and
can't explain why?"

> I offered the comment because most of this conversation has focused on
> technical issues, but there are significant business issues to consider as
> well.  If there is no emergency, most changes like this should be phased in
> over time to avoid disruption.

Previously, the Forum had agreed that, in general, three months was a
reasonable period of phase in. When there were issues, we agreed that CAs
would help specifically articulate those issues to help Browsers
understand. However, we also recognized that the incentives structures
being what they are, that the absence of data does not necessarily indicate
a meaningful objection on ecosystem merits. How long do you think it will
take for the Entrust people who negotiate those matters with partners and
customers to come back with specific issues? This seems like it might be
accomplished within a few days, if appropriately prioritized, since it's
entirely internal to CAs (that is, it's actions their employees perform),
and that might still be in time for the discussion period to take into
