I just checked the CPS of Gandi and the CPS of PublicCA of Chunghwa Telecom, both published in 2009. They are indeed not compliant with the current BR:

"Gandi CA Certification Practice Statement" section 6.3.2: "The validity period of Gandi certificates varies dependent on the certificate type, but typically, a certificate will be valid for 1 to 5 years."[1]

"Public Certificate Authority Certification Practice Statement" section 6.3.2.2: "The length of the publicCA subscriber public key and private key is RSA 1024 bits: The maximum usage period of private key is 5 years while the maximum valid period of the public key is 5 years."[2]

[1] http://www.gandi.net/static/docs/en/gandi-certification-practice-statement.pdf
[2] https://epki.com.tw/download/PublicCA_CPS_English.pdf

