On 16/8/2022 12:28 π.μ., Ben Wilson wrote:
Addition to: Section 7.1 Inclusions
CA key material MUST be generated within the three (3) years that
precede the submission of a CA inclusion request. The date of CA key
material generation shall be determined by reference to the auditor’s
key generation ceremony report.
Why 3 years instead of 5? What are the security benefits of a key being
generated 3 vs 5 years ago? The Chrome Root Program Policy states that
it will accept keys generated 5 years ago so perhaps there is no
significant reason to justify this policy divergence.
Thanks,
Dimitris.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/7583f738-82f3-cd1b-3793-5254e4d83095%40it.auth.gr.
