1.0 is not the definitive version any more. As of 2015‐04‐01, Section 6.3.2 prohibits validity periods longer than 39 months.
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Daniel Cater via dev-security-policy Sent: Saturday, March 4, 2017 1:02 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Maximum validity of pre-BR certificates Hello, Version 1.0 of the Baseline Requirements stated that: "Certificates issued after the Effective Date MUST have a Validity Period no greater than 60 months". The effective date for this version was 2012-07-01 (https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf). I noticed that cablint has a warning stating: "W: Pre-BR certificates should not be more than 120 months in validity" (https://github.com/awslabs/certlint/blob/68a2c46f5146025910a0e17f2f34351e3b 4b8802/lib/certlint/cablint.rb#L328). Was this a technical limitation or a policy of some kind? I can't find any reference for it. Any insight the guidelines, rules, or common practices relating to maximum certificate lifetime prior to the Baseline Requirements would be appreciated. Thank you. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy