Validity period is a defined term in the BRs and refers to the time between issuance and expiry. Since the new language uses that term without any modifiers like "remaining", it seems clear to me that both of those example certificates would need to be revoked. ________________________________ From: dev-security-policy <[email protected]> on behalf of Bruce via dev-security-policy <[email protected]> Sent: Wednesday, November 14, 2018 5:37:20 PM To: [email protected] Subject: Re: CA Communication: Underscores in dNSNames
Hi Wayne, I wanted to get some clarification. For example, let's say that a Subscriber has a 1 year certificate which expires on 30 January 2019. On 15 January 2019, the remaining validity period is less than 30 days; as such, I interpret that the certificate does not have to be revoked. On the other hand, if the Subscriber has a 1 year certificate which expires on 31 March 2019, then on 15 January 2019, the remaining validity period is greater than 30 days, so this certificate must be revoked. Is the above interpretation correct? Thanks, Bruce. _______________________________________________ dev-security-policy mailing list [email protected] https://scanmail.trustwave.com/?c=4062&d=qqPs2ylE2M0AE1hucuCDnbrKTL8yhgbe2AJ51iwegw&s=5&u=https%3a%2f%2flists%2emozilla%2eorg%2flistinfo%2fdev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

