On 30/03/16 13:11, Jeremy Rowley wrote:
> I’m not so sure a lack of desire to change code is a great reason to
> avoid something that increases security. However, I do like the 27/27
> proposal as a great step forward. Are the browsers opposed to 27/27? The
> only thing in EV really impacted by the longer validity times is domain
> validation thanks to the reuse section of the EV Guidelines.

What does 27/27 make longer? EV vetting validity periods?

Thing is, if you set a max validity period for vetting, and say that the renewal has to happen within that period, then your actual max validity is 2N - 1 i.e. for 27 month validity, it's 26 + 27 = 53, because people can renew for the maximum period one month before the deadline.

If we said 27/27, where the second 27 meant that the _notAfter_ date (as opposed to notBefore) could never be more than 27 months after the vetting, that would be much better.

Gerv
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
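
The two readings of the 27-month limit discussed in the message above, as an added example that is not part of the original e-mail or any CA/Browser Forum tooling. The function names, the calendar-month arithmetic and the sample dates are assumptions made for illustration.

```python
import calendar
from datetime import date

MAX_MONTHS = 27  # the "27" from the 27/27 proposal discussed above


def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping the day to the target month's length."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) + months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)


def issuance_bound_ok(vetted: date, not_before: date, not_after: date) -> bool:
    """Reading 1: vetting only has to be fresh when the certificate is issued,
    and the certificate lifetime is capped separately."""
    return (vetted <= not_before <= add_months(vetted, MAX_MONTHS)
            and not_before <= not_after <= add_months(not_before, MAX_MONTHS))


def expiry_bound_ok(vetted: date, not_before: date, not_after: date) -> bool:
    """Reading 2: notAfter may never be more than MAX_MONTHS after the vetting."""
    return vetted <= not_before <= not_after <= add_months(vetted, MAX_MONTHS)


def vetting_age_at_expiry(vetted: date, not_after: date) -> int:
    """Whole calendar months between the vetting date and notAfter."""
    months = (not_after.year - vetted.year) * 12 + (not_after.month - vetted.month)
    return months - 1 if not_after.day < vetted.day else months


# Constructed sample: vetted once, then renewed one month before the deadline
# for the maximum certificate lifetime.
VETTED = date(2016, 1, 15)
RENEWAL_NOT_BEFORE = add_months(VETTED, MAX_MONTHS - 1)
RENEWAL_NOT_AFTER = add_months(RENEWAL_NOT_BEFORE, MAX_MONTHS)

if __name__ == "__main__":
    args = (VETTED, RENEWAL_NOT_BEFORE, RENEWAL_NOT_AFTER)
    print("issuance-bound reading accepts:", issuance_bound_ok(*args))
    print("notAfter-bound reading accepts:", expiry_bound_ok(*args))
    print("vetting age at expiry (months):",
          vetting_age_at_expiry(VETTED, RENEWAL_NOT_AFTER))
```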
