Ben,
For the avoidance of doubt, I assume this means Sept 1, 00:00 UTC.
-Original Message-
From: dev-security-policy On
Behalf Of Ben Wilson via dev-security-policy
Sent: Friday, July 10, 2020 12:49 PM
To: mozilla-dev-security-policy
Subject: Re: New Blog Post on 398-Day Certificate
Hi Ben,
For now I won’t comment on the 398 day limit or the date which you propose this
to take effect (July 1, 2021), but on the ability of CAs to re-use domain
validations completed prior to 1 July for their full 825 re-use period. I'm
assuming that the 398 day limit is only for those
Hi Ben,
Regarding the redlined spec:
https://github.com/mozilla/pkipolicy/compare/master...BenWilson-Mozilla:2.7.1?short_path=73f95f7#diff-73f95f7d2475645ef6fc93f65ddd9679d66efa9834e4ce415a2bf79a16a7cdb6
Is this a meaningful statement given max validity is 398 days now?
5. verify that all
Thanks Ben.
What’s the purpose of this statement:
5. verify that all of the information that is included in server certificates
remains current and correct at intervals of 825 days or less;
The BRs limit data reuse to 825 days since March 2018 so I don’t think this
adds anything. If it
Ben,
I'd prefer that we tie this to a date related to when the domain validations
are done, or perhaps 2 statements. As it stands (and as others have
commented), on July 1 all customers will immediately need to validate all
domains that were done between 825 and 397 days ago, so a huge number
101 - 105 of 105 matches
Mail list logo