On Thu, Oct 13, 2016 at 08:52:13PM +0100, Gervase Markham wrote:
> > 4) Remove the
> > Affected Roots from NSS after the SSL certificates issued before
> > October 1, 2016, have expired or have been replaced.
> 
> That should be in approximately 39 months time, as that's the max
> issuance length allowed by the BRs.

There is actually an expection allowing 60 months. But the last
one currently seems to be expiring on 2020-01-07 09:30:49+00,
which is 39 months from now.


Kurt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to