I would like to propose a change to cover a current gap in the BRs. Right now there is no clear link from content in the certificate to the date of issuance of the certificate. I would propose the following change to the BR. Note that this intentionally only covers Subscriber (End-entity) certificates, not CA certificates.
What do others think? Definitions: (new) Issuance Date: The latest of the notBefore value of a certificate and the time value of any cryptographically signed timestamps included in a certificate (modified) Validity Period: The period of time measured from the Issuance Date of a Certificate is issued until the Expiry Date of a Certificate. (new) 7.1.2.3(g) Issuance Date The Issuance Date of the certificate must be no more than 24 hours from (either before or after) the date when the CA signed the certificate. Thanks, Peter _______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public