Hello, Version 1.0 of the Baseline Requirements stated that:
"Certificates issued after the Effective Date MUST have a Validity Period no greater than 60 months". The effective date for this version was 2012-07-01 (https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf). I noticed that cablint has a warning stating: "W: Pre-BR certificates should not be more than 120 months in validity" (https://github.com/awslabs/certlint/blob/68a2c46f5146025910a0e17f2f34351e3b4b8802/lib/certlint/cablint.rb#L328). Was this a technical limitation or a policy of some kind? I can't find any reference for it. Any insight the guidelines, rules, or common practices relating to maximum certificate lifetime prior to the Baseline Requirements would be appreciated. Thank you. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
