Thanks to all of you who have participated in this discussion. We plan
to begin work on a minor update (version 2.7.1) to Mozilla's Root Store
Policy soon. In response to this discussion, the following two issues
have been created and labelled for 2.7.1.
Wayne filed https://github.com/mozilla/pkipolicy/issues/204
"Limit TLS Certificates to 398 day validity after Aug 31, 2020"

And I filed https://github.com/mozilla/pkipolicy/issues/206
"Limit re-use of domain name verification to 395 days"
which says:
"When we update Mozilla's Root Store Policy to limit TLS certificate
validity periods to 398 days, we should also update the policy to limit
re-use of domain name verification results.

I started discussion about this in m.d.s.p, and consensus appears to
support the idea, with the two primary recommendations:
- Change the effective date to April 2021 to give CAs time to update
their processes.
- Provide a Mozilla Security Blog explaining the reasons for making this
change. The idea being to provide one place where people can go to read
about why it is important to frequently re-verify domain name ownership
and why it is important to reduce TLS cert validity periods."
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy