[cabf_validation] Question on cert validity period for EV certs

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Tue Sep 1 08:43:22 MST 2015


Here is an excerpt from the minutes of the last full Forum con call on Aug. 20 when we discussed possible changes to cert validity periods.  I think it would be fair to say that CAs either supported or did not oppose allowing EV certs to be issued for 3 years (the same as DV and OV certs today), but that there could be resistance from one or more browsers.

There are also potential questions about data validity periods for DV, OV, and EV certs, but I'm not sure that would arise with a ballot to extend EV cert validity periods from 2 years to 3 years.

Question for the Validation Working Group: Do we want to propose a ballot to extend the possible maximum validity period for EV certs to 3 years?

Here are the minutes:


Cert validity periods: Kirk sent out a matrix of the different options that came out of the F2F meeting in Zurich. This was discussed in the validation working group where many different opinions were presented. A consensus which seemed to emerge is that it didn't make sense to reduce EV validity timeframe further and perhaps we should increase it to 3 years to match DV and OV. The WG will finalize their recommendation shortly. Eddy said there are much less EV certificates used so it's easier to switch them out if there were a problem. Hence there shouldn't be objections to raising to 3 years. Ben said Digicert would like to see all the validity periods to be the same, no matter what the length. Bruce also said they prefer 3 year EV. He also asked about the re-validation timeframe. Wayne said we need to attack one piece at a time but also said the validity period of the data is more important than the validity period of the cert. Kirk asked if there were any objections from those on the call about changing EV to 3 years. Mat from Apple said his colleague Geoff may have some issues with that. Kirk said the Validation WG will put something out on the mailing list for discussion.


<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150901/1e074185/attachment.html 


More information about the Validation mailing list