I would like to propose a change to cover a current gap in the BRs.  Right now 
there is no clear link from content in the certificate to the date of issuance 
of the certificate.  I would propose the following change to the BR.  Note that 
this intentionally only covers Subscriber (End-entity) certificates, not CA 

What do others think?

(new) Issuance Date: The latest of the notBefore value of a certificate and the 
time value of any cryptographically signed timestamps included in a certificate

(modified) Validity Period: The period of time measured from the Issuance Date 
of a Certificate is issued until the Expiry Date of a Certificate.

(new) Issuance Date
The Issuance Date of the certificate must be no more than 24 hours from (either 
before or after) the date when the CA signed the certificate.

Public mailing list

Reply via email to