[cabf_validation] Question on cert validity period for EV certs

Bruce Morton bruce.morton at entrust.com
Thu Sep 3 08:56:41 MST 2015

My observation is the ballot would be the majority of the browsers would vote No.

Another suggestion would to increase the EV 13 month re-validate period to 27 months, which would be the same as the maximum validity period. This would make this requirement consistent with DV/OV where both the maximum validity period and the re-validate period are the same at 39 months.

The benefit would be to reduce cost of EV certificates.


From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of Doug Beattie
Sent: Tuesday, September 1, 2015 11:49 AM
To: kirk_hall at trendmicro.com; validation at cabforum.org
Subject: Re: [cabf_validation] Question on cert validity period for EV certs

It’s only worth it if we think there is a chance of it passing.  Google will say no, do we understand the other Brower views on the topic?  If they are all going to reject it, let’s spend the time doing something else….


From: validation-bounces at cabforum.org<mailto:validation-bounces at cabforum.org> [mailto:validation-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>
Sent: Tuesday, September 1, 2015 11:43 AM
To: validation at cabforum.org<mailto:validation at cabforum.org>
Subject: [cabf_validation] Question on cert validity period for EV certs

Here is an excerpt from the minutes of the last full Forum con call on Aug. 20 when we discussed possible changes to cert validity periods.  I think it would be fair to say that CAs either supported or did not oppose allowing EV certs to be issued for 3 years (the same as DV and OV certs today), but that there could be resistance from one or more browsers.

There are also potential questions about data validity periods for DV, OV, and EV certs, but I’m not sure that would arise with a ballot to extend EV cert validity periods from 2 years to 3 years.

Question for the Validation Working Group: Do we want to propose a ballot to extend the possible maximum validity period for EV certs to 3 years?

Here are the minutes:

Cert validity periods: Kirk sent out a matrix of the different options that came out of the F2F meeting in Zurich. This was discussed in the validation working group where many different opinions were presented. A consensus which seemed to emerge is that it didn’t make sense to reduce EV validity timeframe further and perhaps we should increase it to 3 years to match DV and OV. The WG will finalize their recommendation shortly. Eddy said there are much less EV certificates used so it’s easier to switch them out if there were a problem. Hence there shouldn’t be objections to raising to 3 years. Ben said Digicert would like to see all the validity periods to be the same, no matter what the length. Bruce also said they prefer 3 year EV. He also asked about the re-validation timeframe. Wayne said we need to attack one piece at a time but also said the validity period of the data is more important than the validity period of the cert. Kirk asked if there were any objections from those on the call about changing EV to 3 years. Mat from Apple said his colleague Geoff may have some issues with that. Kirk said the Validation WG will put something out on the mailing list for discussion.


The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20150903/e2e2a34c/attachment.html 

More information about the Validation mailing list