Hello, I'm investigating an issue on behalf of a customer. Our customer requested a multi-year certificate that was issued on March 1st by Comodo.
Here's the certificate: https://crt.sh/?id=354042595 Validity Not Before: Mar 1 00:00:00 2018 GMT Not After : May 29 23:59:59 2021 GMT The certificate is currently considered invalid at least by Google Chrome. It's my understanding that Google Chrome uses a >= comparison, which effectively means certificates issued on March 1st are already subject to Ballot 193. However, it looks like the interpretation of Comodo of Ballot 193 here is based on a > comparison, since the certificate was issued with a 3y validity. BR 6.3.2 says: > Subscriber Certificates issued after 1 March 2018 MUST have a Validity Period > no greater than 825 days. > Subscriber Certificates issued after 1 July 2016 but prior to 1 March 2018 > MUST have a Validity Period no greater than 39 months. I'd appreciate some hints about whether a certificate issued on March 1st should be considered subject to Ballot 193 or not. Best, -- Simone _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
