On 04/12/13 08:40, Eddy Nigg wrote:
> On 12/04/2013 02:44 AM, From Jan Schejbal:
>> Issuing a backdated end-entity certificate should be considered
>> misissuance. (Possibly allowing a small, clearly defined amount of
>> hours that certs can be backdated for technical reasons.)
>
> Not necessarily technical, but we use the validity time to add some
> additional randomness to the cert and issuance, respectively expiration
> time varies +- 24 hours into each direction.

Hi Eddy. The latest Windows Root Certificate Program technical
requirements [1] say..
"END-ENTITY CERTIFICATES
...
CAs are no longer allowed to place entropy into the Date fields."
[1]
http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy