Really appreciate advise and inputs Mark , thank you … Does beg the question will they change the browser checks and how would we know
M From: Mark Goodwin <mark.good...@hardenize.com> Date: Tuesday, 7 July 2020 at 14:54 To: "marc.rn...@gmail.com" <marc.rn...@gmail.com> Cc: "mozilla-dev-security-pol...@lists.mozilla.org" <mozilla-dev-security-pol...@lists.mozilla.org> Subject: Re: 398 Cert Life span 1Sep2020 Hi, I can't answer for any of the vendors but I've read around this a bit; perhaps the following will be of some use: The Apple announcement states that the change affects "only TLS server certificates issued from the Root CAs preinstalled with iOS" - therefore, I think it's safe to assume locally added roots (from Internal CAs) will be unaffected. The Chromium change also appears to only apply to certs from known roots ( https://source.chromium.org/chromium/chromium/src/+/master:net/cert/cert_verify_proc.cc;l=682?q=HasTooLongValidity&ss=chromium ) so Chrome, Edge and other Chromium based browsers look to be the same story. Kind regards, Mark On Mon, 6 Jul 2020 at 15:07, marc.rnlds--- via dev-security-policy <dev-security-policy@lists.mozilla.org<mailto:dev-security-policy@lists.mozilla.org>> wrote: Hi All, How will internal CA's be affected. If I issue or have issued 2 years certificates, how will the browsers treat these certificates ? Just after guidance .. M _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org<mailto:dev-security-policy@lists.mozilla.org> https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy