I’m working on updating cablint to make sure it has checks that match browser 
checks.  These will be INFO level items if they don’t align with the BRs, but I 
think having them is valuable.

I’m hoping that the browsers can confirm a couple of things, so I get it right 
in cablint:

1) Safari and Chrome both require that the server send CT information for the 
certificate in order to get EV treatment.  There is no date based selector for 
this (this rule has been in effect longer than the maximum validity period of 
an EV cert).

2) Chrome will require that the server send CT information for certificates 
that have notBefore >= 2018-05-01T00:00:00Z in order to not get an interstitial

3) Chrome will present an interstitial for any certificate with notBefore >= 
2018-03-01T00:00:00Z where the delta between notBefore and NotAfter is greater 
than 71,280,000 seconds (825 days of 24 hours of 60 minutes of 60 seconds).

Are these correct?

Public mailing list

Reply via email to