On 29/11/13 10:20, Gervase Markham wrote:
Prompted by Rob Stradling, I just added the following to the Potentially
Problematic Practices page:
===Backdating the notBefore date===
Certificates do not contain an issue timestamp, so it is not possible to
be certain when they were issued. The notBefore date is the start of the
certificate's validity range, and is set by the CA. It should be a
reasonable reflection of the date on which the certificate was issued.
Minor tweaking for technical compatibility reasons is accepted, but
backdating certificates in order to avoid some deadline or code-enforced
restriction is not.
Comments?
Gerv
I suppose that this requirement is specifically targeted at CAs that
could try to "cheat" deadlines such as Microsoft's recent announcement
on forbidding CAs to issue SHA-1 certs after the 1st of January, 2015?
S.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy