Common practice amongst certain cas. There were several cas that have always opposed cert validity periods longer than three years. This opposition lead to the reducing the validity period first to 60 months then to 39 months.
> On Mar 4, 2017, at 2:01 PM, Peter Bowen via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > On Sat, Mar 4, 2017 at 12:22 PM, Daniel Cater via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: >> On Saturday, 4 March 2017 20:14:09 UTC, Jeremy Rowley wrote: >>> 1.0 is not the definitive version any more. As of 2015‐04‐01, Section >>> 6.3.2 prohibits validity periods longer than 39 months. >>> >> >> Thanks for the prompt reply Jeremy. I realise this. My question relates to >> what the situation was (be it a guideline, policy, or just common practice) >> prior to version 1.0. >> >> The cablint message mentions 120 months and I was wondering where that >> number came from. > > Common practice. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
