Jeremy Rowley <[email protected]> writes:

>I think this is a good idea. Per 5280, the notBefore date is used to
>indicate the start of the certificate's validity (not the date it was
>issued). Using a new optional extension for issuance date will avoid causing
>technical problems with other systems and still let Mozilla enforce the BRs.

Doesn't this extension already exist in the form of the privateKeyUsagePeriod? That's actually extremely useful for limiting the exposure of a key, you set the pKUP to when the key is active and the validFrom/To the period when you can check e.g. a signature generated with the cert.

Peter.
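
The split described in the message above, as an added example that is not part of the original thread: a relying party parses the privateKeyUsagePeriod value (OID 2.5.29.16, layout as in RFC 3280) and checks the signing time against it, while the verification time is checked against the certificate validity. The function names, the sample dates and the trusted `signed_at` source are assumptions made for illustration.

```python
from datetime import datetime, timezone

def parse_pkup(der: bytes):
    """Parse the value of a privateKeyUsagePeriod extension (OID 2.5.29.16):
    SEQUENCE { notBefore [0] GeneralizedTime OPTIONAL,
               notAfter  [1] GeneralizedTime OPTIONAL }  (IMPLICIT tags).
    Returns (not_before, not_after); a missing bound is None."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2 or der[1] >= 0x80:
        raise ValueError("expected one short-form DER SEQUENCE")
    bounds, pos, last_tag = {0x80: None, 0x81: None}, 2, 0x7F
    while pos < len(der):
        if pos + 2 > len(der):
            raise ValueError("truncated field header")
        tag, length = der[pos], der[pos + 1]
        body = der[pos + 2 : pos + 2 + length]
        if tag not in bounds or tag <= last_tag or length != 15 or len(body) != 15:
            raise ValueError("unexpected, repeated or malformed field")
        # DER GeneralizedTime as used in certificates: YYYYMMDDHHMMSSZ
        when = datetime.strptime(body.decode("ascii"), "%Y%m%d%H%M%SZ")
        bounds[tag] = when.replace(tzinfo=timezone.utc)
        pos, last_tag = pos + 2 + length, tag
    if bounds[0x80] is None and bounds[0x81] is None:
        raise ValueError("at least one bound must be present")
    return bounds[0x80], bounds[0x81]

def check_signature(signed_at, verified_at, cert_validity, pkup):
    """Return reasons to reject (empty list = acceptable). signed_at is assumed
    to come from a trusted source such as a timestamp, not from the signer."""
    problems = []
    key_from, key_to = pkup
    if key_from is not None and signed_at < key_from:
        problems.append("signed before private key usage period")
    if key_to is not None and signed_at > key_to:
        problems.append("signed after private key usage period")
    valid_from, valid_to = cert_validity
    if not valid_from <= verified_at <= valid_to:
        problems.append("certificate not valid at verification time")
    return problems

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

# Constructed sample: key usable during 2024 only, certificate valid 2024-2026.
SAMPLE_PKUP = (bytes([0x30, 0x22, 0x80, 0x0F]) + b"20240101000000Z"
               + bytes([0x81, 0x0F]) + b"20241231235959Z")
SAMPLE_VALIDITY = (utc(2024, 1, 1), utc(2026, 12, 31, 23, 59, 59))

if __name__ == "__main__":
    pkup = parse_pkup(SAMPLE_PKUP)
    print(check_signature(utc(2024, 6, 1), utc(2026, 3, 1), SAMPLE_VALIDITY, pkup))
    print(check_signature(utc(2025, 6, 1), utc(2026, 3, 1), SAMPLE_VALIDITY, pkup))
```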

