On 24/01/18 04:57, David E. Ross wrote: > I am not sure about prohibiting forward-dating the notBefore date. I > can picture a situation where an existing site certificate is going to > expire. The site's administration decides to obtain a new certificate > from a different certification authority. Because of various > administrative processes, the switch to the new site certificate cannot > be accomplished quickly (e.g., moving the server); so they establish a > notBefore date that is a month in the future.
Why would that be _necessary_? What would go wrong if the cert was cut with a notBefore of the current date, apart from the fact that they'd need to renew it a month earlier? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy