On 23/01/18 22:55, Jonathan Rudenberg via dev-security-policy wrote:
<snip>
> https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date
>
> This incident makes me think that two changes should be made:
>
> 1) The Root Store Policy should explicitly ban forward and back-dating the
> notBefore date.

I think it would be reasonable and sensible to permit back-dating insofar as it is deemed necessary to accommodate client-side clock-skew.

> 2) Firefox should implement a technical check to enforce the validity period so
> that issuance practices like this do not impact users (see
> https://bugzilla.mozilla.org/show_bug.cgi?id=908125)
>
> Jonathan

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
