Hi Christian, I think your concern is about how our code will enforce this. Because our policy only applies to roots that are built in, our intent is to have our code apply this restriction only to certificates that chain up to built-in roots. Thanks, Ben
On Mon, Jul 13, 2020 at 10:37 PM Christian Felsing via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Am 09.07.2020 um 17:46 schrieb Ben Wilson via dev-security-policy: > > > https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/ > > Hi, > > blog post should clarify if this is valid for certificates issued by > preinstalled root CAs only or also for CAs installed by user. > > > regards > Christian > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy