On 12/04/2013 02:44 AM, From Jan Schejbal:
Issuing a backdated end-entity certificate should be considered misissuance. (Possibly allowing a small, clearly defined amount of hours that certs can be backdated for technical reasons.)
Not necessarily technical, but we use the validity time to add some additional randomness to the cert and issuance, respectively expiration time varies +- 24 hours into each direction.
-- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP: start...@startcom.org Blog: http://blog.startcom.org/ Twitter: http://twitter.com/eddy_nigg _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy