[cabfpub] Certificate lifetimes: end state or trajectory?

García Jimeno, Oscar o-garcia at izenpe.eus
Mon Mar 20 13:11:11 UTC 2017


We consider that this two years phase's roadmap is enough to adapt our systems (and try to automatize as much as possible) and to make aware our customers of the improvement in security.
Thanks

.eus GARA !
horregatik orain nire helbide elektronikoa da:
por eso mi dirección de correo electrónico ahora es:  o-garcia at izenpe.eus

Oscar García
CISSP, CISM




ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.



-----Mensaje original-----
De: Public [mailto:public-bounces at cabforum.org] En nombre de Gervase Markham via Public
Enviado el: miércoles, 15 de marzo de 2017 16:36
Para: CA/Browser Forum Public Discussion List
CC: Gervase Markham
Asunto: Re: [cabfpub] Certificate lifetimes: end state or trajectory?

On 10/03/17 23:15, Ryan Sleevi via Public wrote:
> So now that we've had our lovely chat about revocation, can we go back 
> to the substance of the question:

Yes; it would be great if, without disappearing down another revocation-related rathole, we could get some sense of the answer to the
below:

>     It would be useful if those members could say whether 13 months would
>     still be unacceptably short if the date for introduction of the 13 month
>     requirement were something like 1st March 2019, 2 years from now.
>     If we can get consensus that this reduction is OK with a long enough
>     lead time, that might lead us to a ballot where the max. lifetime was
>     reduced to 27 months on 1st March 2018, and 13 months on 1st March 2019,
>     meaning that by 1st May 2020, all unexpired certificates would be of
>     lifetime 13 months or fewer.
>     If members feel that even with 2 years lead time, this reduction is
>     still unacceptable, we should pass ballot 193 or something like it,
>     thereby indicating to the world that we have no plans for further
>     reductions in a CAB Forum context.

Given the way they voted, I am particularly hoping for input from the
following: DigiCert, Entrust, Izenpe, Quo Vadis, Actalis, Symantec, Trustwave, CFCA, GDCA and Apple.

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public



More information about the Public mailing list