So much has changed since the last time we discussed shorter validity periods at CAB forum that it'd be worth bringing up again. I think the vocal minority opposed the change last time and they may have switched positions by now.
> On Nov 18, 2016, at 7:12 AM, Gervase Markham <g...@mozilla.org> wrote:
>
>> On 18/11/16 01:43, Brian Smith wrote:
>> The fundamental problem is that web browsers accept certificates with
>> validity periods that are years long. If you want to have the agility to
>> fix things with an N month turnaround, reject certificates that are valid
>> for more than N months.
>
> That's all very well to say. The CAB Forum is deadlocked over a proposal
> to reduce the max validity of everything to 2 years + 3 months; some
> people like it because it removes a disadvantage of EV (which already
> has this limit), others don't like it because people like not having to
> change their cert and are willing to pay for longer. Mozilla is in
> support, but without agreement, we can hardly implement unilaterally -
> the breakage would be vast.
>
> Gerv
>
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy