The Mozilla policy does not prohibit backdating, except when it's used to evade time-based policy controls.
Backdating certs by a few hours is a relatively common practice to minimize breakages for consumers with busted clocks. Alex On Thu, Jan 10, 2019 at 4:43 AM Buschart, Rufus via dev-security-policy < [email protected]> wrote: > The certificate [1] seems also to be 'back-dated' by about 18 hours. What > is Mozillas opinion about this in the light of > https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Backdating_the_notBefore_Date > ? > > > It appears AlwaysOnSSL is not completely disabled - if we trust CT as a > timestamping service, [1] was issued after Hanno's email. > [...] > > [1] https://crt.sh/?id=1097197338 > [...] > > On Wed, Jan 9, 2019 at 8:59 AM Hanno Böck via dev-security-policy < > [email protected]> wrote: > > > > > > Hi, > > > > > > AlwaysOnSSL was a free certificate authority operated by CertCenter. > > > I recently noticed that their main webpage was gone, but pieces of the > > > service were still online. > > > I immediately found a few web security issues. I reported those to > > > certcenter and digicert (which is the root CA their intermediate > > > chains to). > [...] > > > In response to this the service was completely disabled. > [...] > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
