On Thu, Oct 13, 2016 at 08:52:13PM +0100, Gervase Markham wrote: > > 4) Remove the > > Affected Roots from NSS after the SSL certificates issued before > > October 1, 2016, have expired or have been replaced. > > That should be in approximately 39 months time, as that's the max > issuance length allowed by the BRs.
There is actually an expection allowing 60 months. But the last one currently seems to be expiring on 2020-01-07 09:30:49+00, which is 39 months from now. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
