On Saturday, 4 March 2017 21:21:41 UTC, Jeremy Rowley wrote: > Common practice amongst certain cas. There were several cas that have always > opposed cert validity periods longer than three years. This opposition lead > to the reducing the validity period first to 60 months then to 39 months.
The reason I brought this up is that I found this certificate in the wild with a validity of almost 124 months (10 years and 4 months): https://crt.sh/?id=710954&opt=cablint,x509lint I read the cablint warning and wondered if the certificate was in breach of any pre-BR policies at the time that it was issued, but I assume not. Note that the certificate is live and trusted by browsers that haven't yet blocked SHA-1 certificates: https://newleaderscouncil.org/ _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
