[cabf_validation] Question on cert validity period for EV certs
Doug Beattie
doug.beattie at globalsign.com
Tue Sep 1 08:48:37 MST 2015
It’s only worth it if we think there is a chance of it passing. Google will say no, do we understand the other Brower views on the topic? If they are all going to reject it, let’s spend the time doing something else….
Doug
From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Tuesday, September 1, 2015 11:43 AM
To: validation at cabforum.org
Subject: [cabf_validation] Question on cert validity period for EV certs
Here is an excerpt from the minutes of the last full Forum con call on Aug. 20 when we discussed possible changes to cert validity periods. I think it would be fair to say that CAs either supported or did not oppose allowing EV certs to be issued for 3 years (the same as DV and OV certs today), but that there could be resistance from one or more browsers.
There are also potential questions about data validity periods for DV, OV, and EV certs, but I’m not sure that would arise with a ballot to extend EV cert validity periods from 2 years to 3 years.
Question for the Validation Working Group: Do we want to propose a ballot to extend the possible maximum validity period for EV certs to 3 years?
Here are the minutes:
Cert validity periods: Kirk sent out a matrix of the different options that came out of the F2F meeting in Zurich. This was discussed in the validation working group where many different opinions were presented. A consensus which seemed to emerge is that it didn’t make sense to reduce EV validity timeframe further and perhaps we should increase it to 3 years to match DV and OV. The WG will finalize their recommendation shortly. Eddy said there are much less EV certificates used so it’s easier to switch them out if there were a problem. Hence there shouldn’t be objections to raising to 3 years. Ben said Digicert would like to see all the validity periods to be the same, no matter what the length. Bruce also said they prefer 3 year EV. He also asked about the re-validation timeframe. Wayne said we need to attack one piece at a time but also said the validity period of the data is more important than the validity period of the cert. Kirk asked if there were any objections from those on the call about changing EV to 3 years. Mat from Apple said his colleague Geoff may have some issues with that. Kirk said the Validation WG will put something out on the mailing list for discussion.
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150901/0b8cf7c6/attachment-0001.html
More information about the Validation
mailing list