All, Here is the currently proposed wording for subsection 5.1 of MRSP section 2.1:
" 5.1. for server certificates issued on or after October 1, 2021, verify each dNSName or IPAddress in a SAN or commonName at an interval of 398 days or less;" Ben On Fri, Feb 26, 2021 at 9:48 AM Ryan Sleevi <r...@sleevi.com> wrote: > > > On Thu, Feb 25, 2021 at 7:55 PM Clint Wilson via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> I think it makes sense to separate out the date for domain validation >> expiration from the issuance of server certificates with previously >> validated domain names, but agree with Ben that the timeline doesn’t seem >> to need to be prolonged. What about something like this: >> >> 1. Domain name or IP address verifications performed on or after July 1, >> 2021 may be reused for a maximum of 398 days. >> 2. Server certificates issued on or after September 1, 2021 must have >> completed domain name or IP address verification within the preceding 398 >> days. >> >> This effectively stretches the “cliff” out across ~6 months (now through >> the end of August), which seems reasonable. >> > > Yeah, that does sound reasonable. > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
