I’m working on updating cablint to make sure it has checks that match browser
checks. These will be INFO level items if they don’t align with the BRs, but I
think having them is valuable.
I’m hoping that the browsers can confirm a couple of things, so I get it right
1) Safari and Chrome both require that the server send CT information for the
certificate in order to get EV treatment. There is no date based selector for
this (this rule has been in effect longer than the maximum validity period of
an EV cert).
2) Chrome will require that the server send CT information for certificates
that have notBefore >= 2018-05-01T00:00:00Z in order to not get an interstitial
3) Chrome will present an interstitial for any certificate with notBefore >=
2018-03-01T00:00:00Z where the delta between notBefore and NotAfter is greater
than 71,280,000 seconds (825 days of 24 hours of 60 minutes of 60 seconds).
Are these correct?
Public mailing list