Validity period is a defined term in the BRs and refers to the time between 
issuance and expiry.  Since the new language uses that term without any 
modifiers like "remaining", it seems clear to me that both of those example 
certificates would need to be revoked.
________________________________
From: dev-security-policy <[email protected]> on 
behalf of Bruce via dev-security-policy <[email protected]>
Sent: Wednesday, November 14, 2018 5:37:20 PM
To: [email protected]
Subject: Re: CA Communication: Underscores in dNSNames

Hi Wayne, I wanted to get some clarification.

For example, let's say that a Subscriber has a 1 year certificate which expires 
on 30 January 2019. On 15 January 2019, the remaining validity period is less 
than 30 days; as such, I interpret that the certificate does not have to be 
revoked.

On the other hand, if the Subscriber has a 1 year certificate which expires on 
31 March 2019, then on 15 January 2019, the remaining validity period is 
greater than 30 days, so this certificate must be revoked.

Is the above interpretation correct?

Thanks, Bruce.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://scanmail.trustwave.com/?c=4062&d=qqPs2ylE2M0AE1hucuCDnbrKTL8yhgbe2AJ51iwegw&s=5&u=https%3a%2f%2flists%2emozilla%2eorg%2flistinfo%2fdev-security-policy
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to