[cabfpub] Certificate lifetimes: end state or trajectory?
Gervase Markham
gerv at mozilla.org
Wed Mar 15 15:36:21 UTC 2017
On 10/03/17 23:15, Ryan Sleevi via Public wrote:
> So now that we've had our lovely chat about revocation, can we go back
> to the substance of the question:
Yes; it would be great if, without disappearing down another
revocation-related rathole, we could get some sense of the answer to the
below:
> It would be useful if those members could say whether 13 months would
> still be unacceptably short if the date for introduction of the 13 month
> requirement were something like 1st March 2019, 2 years from now.
> If we can get consensus that this reduction is OK with a long enough
> lead time, that might lead us to a ballot where the max. lifetime was
> reduced to 27 months on 1st March 2018, and 13 months on 1st March 2019,
> meaning that by 1st May 2020, all unexpired certificates would be of
> lifetime 13 months or fewer.
> If members feel that even with 2 years lead time, this reduction is
> still unacceptable, we should pass ballot 193 or something like it,
> thereby indicating to the world that we have no plans for further
> reductions in a CAB Forum context.
Given the way they voted, I am particularly hoping for input from the
following: DigiCert, Entrust, Izenpe, Quo Vadis, Actalis, Symantec,
Trustwave, CFCA, GDCA and Apple.
Gerv
More information about the Public
mailing list