[cabf_validation] CRL Validity Interval Ballot

Ryan Sleevi sleevi at google.com
Wed Oct 13 13:44:41 UTC 2021


On Wed, Oct 13, 2021 at 9:36 AM Dimitris Zacharopoulos (HARICA) <
dzacharo at harica.gr> wrote:

> I assume that the majority of Members would be in favor of making a
> requirement unambiguous in the BRs that can be measured consistently across
> the board.
>

Right, I think we're in agreement here, but your restating it makes me
think you may believe we're in disagreement?


> I recommend we use this opportunity to fix the existing bug in 4.9.10 and
> set an reasonable effective date for CAs to update their validity period
> configurations for CRLs and OCSP measured in days instead of months. This
> may result in stricter requirements than the existing Root program
> requirements (would that be a first???) but this doesn't necessarily mean
> it is problematic.
>

I'm not sure I understand this point. I just tried to explain why it'd be
problematic, which is something we discussed quite a bit several years ago,
with feedback from WebTrust in particular on this point about the
misalignment between days and calendrical events. Root programs took that
feedback into consideration, and that's why the approach I mentioned
specifically exists to reduce the risk of compliance issues. It's unclear
if you believe those concerns to be unfounded or unnecessary, or if I just
didn't communicate this well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20211013/9b44c151/attachment.html>


More information about the Validation mailing list