[cabfpub] Ballot 185 - Next steps

Ryan Sleevi sleevi at google.com
Fri Feb 24 19:10:27 UTC 2017

On Fri, Feb 24, 2017 at 10:51 AM, Gervase Markham <gerv at mozilla.org> wrote:

> My assumption here is that the key date is the one when the last
> "39-month" cert expires, and so all certs in existence are of the new,
> shorter length. If we (unrealistically) made a change to 13 months
> tomorrow, that would be 24th May 2020.

At least for Chrome, I cannot state that assumption is fair/correct.

Your assumption relies on there being no issues. My operating model is
there will be CA issues in the course of the next three years that will
necessitate invalidating certificates issued today (and up to that 'period').

Note that this is not the _only_ objection to staggering, but it merely
clarifies why your operating assumption is not accurate.

> If we say "we will move straight to 13 months", then it might be a year
> (say) before we could institute such a change. That would make the key
> date 24th May 2021.

As stated above, that's the date if nothing bad happens in the ecosystem.
It will, however, so that's not the key date.

> So there is a possible benefit in a 2-phase approach - we get where we
> want to be quicker. But if CAs feel that the complexity of having two
> phases is more than it's worth, then the idea won't fly.