On Tuesday, July 14, 2020 at 2:13:30 PM UTC-4, Ben Wilson wrote: > Hi Christian, > I think your concern is about how our code will enforce this. Because our > policy only applies to roots that are built in, our intent is to have our > code apply this restriction only to certificates that chain up to built-in > roots. > Thanks, > Ben > On Mon, Jul 13, 2020 at 10:37 PM Christian Felsing via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > Am 09.07.2020 um 17:46 schrieb Ben Wilson via dev-security-policy: > > > > > https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/ > > > > > > Hi, > > > > blog post should clarify if this is valid for certificates issued by > > preinstalled root CAs only or also for CAs installed by user. > > > > > > regards > > Christian > > _______________________________________________ > > dev-security-policy mailing list > > dev-secur...@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > Hello Ben,
I also would like clarification as to whether this change is an "administrative change" for Mozilla accepting CAs in the included root store, or whether it will be a technical change in how Firefox validates CA certificate validity. If users install a CA cert that has a validity longer than 398 days after 1 Sept 2020, will this cause warning messages to appear? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy