> On 3/11/20 3:51 PM, Paul Walsh wrote: > > Can you provide some insight to why you think a shorter frequency in > domain validation would be beneficial? > > To start with, it is common for a domain name to be purchased for one year. > A certificate owner that was able to prove ownership/control of the domain > name last year might not have renewed the domain name. So why should > they be able to get a renewal cert without having that re-checked?
This has been a favorite point of Jeremy's for as long as I've been participating in the CA/Browser Forum and on this list. Tying certificate lifetimes more closely to the lifetime and validity of the domains they are protecting would actually make a lot of sense, and we'd support any efforts to do so. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy