Speaking only as a regular ol’ wg member. Thought I’d bring this up while lots of people are here together.
I happened to ask a question of an RIR that identified an error - a certificate they issued did not include all the resources of an organization that it should have included. The RIR corrected the error, adding the missing resources. Except that I noted that the validity start date of the new expanded certificate had not changed. I checked to see if this was deliberate — to make the certified resources as they should always have been. But (if I understand correctly) when the RIR issues a new cert with added resources, they do not change the validity start time. This is a problem for historical forensic analysis (credit Doug Montgomery for that phrase). Of course, I could have misunderstood. I’m curious. What thinks the wg? What thinks those who are operating CAs? —Sandy, speaking only as regular ol’ member
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
