Re: Maximum validity of pre-BR certificates

2017-03-04 Thread Ryan Sleevi via dev-security-policy
On Sat, Mar 4, 2017 at 4:20 PM, Daniel Cater via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Saturday, 4 March 2017 21:21:41 UTC, Jeremy Rowley wrote: > > Common practice amongst certain cas. There were several cas that have > always opposed cert validity periods

Re: Maximum validity of pre-BR certificates

2017-03-04 Thread Daniel Cater via dev-security-policy
On Saturday, 4 March 2017 21:21:41 UTC, Jeremy Rowley wrote: > Common practice amongst certain cas. There were several cas that have always > opposed cert validity periods longer than three years. This opposition lead > to the reducing the validity period first to 60 months then to 39 months.

Re: Maximum validity of pre-BR certificates

2017-03-04 Thread Jeremy Rowley via dev-security-policy
Common practice amongst certain cas. There were several cas that have always opposed cert validity periods longer than three years. This opposition lead to the reducing the validity period first to 60 months then to 39 months. > On Mar 4, 2017, at 2:01 PM, Peter Bowen via dev-security-policy >

Re: Maximum validity of pre-BR certificates

2017-03-04 Thread Peter Bowen via dev-security-policy
On Sat, Mar 4, 2017 at 12:22 PM, Daniel Cater via dev-security-policy wrote: > On Saturday, 4 March 2017 20:14:09 UTC, Jeremy Rowley wrote: >> 1.0 is not the definitive version any more. As of 2015‐04‐01, Section >> 6.3.2 prohibits validity periods longer

RE: Maximum validity of pre-BR certificates

2017-03-04 Thread Jeremy Rowley via dev-security-policy
Yes - several CAs issued 60 month+ certs prior to 1.0. In fact, 10 year certs were not especially uncommon. The validity period available depended largely on the CA. -Original Message- From: dev-security-policy

Re: Maximum validity of pre-BR certificates

2017-03-04 Thread Daniel Cater via dev-security-policy
On Saturday, 4 March 2017 20:14:09 UTC, Jeremy Rowley wrote: > 1.0 is not the definitive version any more. As of 2015‐04‐01, Section > 6.3.2 prohibits validity periods longer than 39 months. > Thanks for the prompt reply Jeremy. I realise this. My question relates to what the situation was

RE: Maximum validity of pre-BR certificates

2017-03-04 Thread Jeremy Rowley via dev-security-policy
1.0 is not the definitive version any more. As of 2015‐04‐01, Section 6.3.2 prohibits validity periods longer than 39 months. -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Daniel Cater via

Maximum validity of pre-BR certificates

2017-03-04 Thread Daniel Cater via dev-security-policy
Hello, Version 1.0 of the Baseline Requirements stated that: "Certificates issued after the Effective Date MUST have a Validity Period no greater than 60 months". The effective date for this version was 2012-07-01 (https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf). I