I Hope this information to help you! *Program Requirements - Microsoft Trusted Root Program* https://docs.microsoft.com/en-us/security/trusted-root/program-requirements
*Newly minted Root CAs must be valid for a minimum of 8 years, and a maximum of 25 years, from the date of submission.* El sábado, 9 de octubre de 2021 a las 14:46:16 UTC+2, [email protected] escribió: > I can't find written rule about validity period of CA certificate in CA/B > BR or Mozilla policy, so a CA could register a root certificate with > notafter date of year 9999(where rfc5280 assigned for no well-defined > expiration date) and practically never care about a root certificate > being expired. but will this kind of thing actually allowed? > actually this doesn't sound that bad, as root store is hand-picked and if > there was a reason to remove a root certificate(no longer trusted/key is > now considered weak) it would removed from store by store update, make > automatic expiration not needed and can break things > > For intermediate CA's validity period is different can of worm, and I > personally think having to manage documentation and crt/ocsp literally > forever is enough deterrent to no real CA will attempt. > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/11e113de-0b54-4245-9582-9a9193c844b4n%40mozilla.org.
