[Mozilla Enterprise] Ballot 193 - 825 Day Certs
Mike Kaply
mkaply at mozilla.com
Tue Oct 15 16:58:29 UTC 2019
On Wed, Oct 9, 2019 at 1:57 PM Houle, Todd - 1120 - MITLL <
Todd.Houle at ll.mit.edu> wrote:
> https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/
>
>
>
> I know Mozilla is supporting these requirements on Root CA’s that it
> distributes. Anything about end entity certs? Will or does Firefox
> require the same configuration on those?
>
The CA/Browser Forum lifetime requirements only apply to end-entity
certificates. Mozilla enforces these requirements on CAs that are included
in our root store via policy, and we've found this to be effective. We also
technically limit the lifetime of EV certificates in Firefox, but we
currently have no plans to do the same for all certificates.
>
>
> I know Apple is including this requirement for its OS (Safari) for 10.15.
> Has Google Chrome also implemented this into their certificate validation?
>
Chrome has in the past enforced end-entity certificate lifetime in code,
but you'll need to confirm that with the Chrome team.
>
>
> Thank you, everyone
>
> Todd
> _______________________________________________
> Enterprise mailing list
> Enterprise at mozilla.org
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> enterprise-request at mozilla.org with a subject of "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20191015/df73257f/attachment.html>
More information about the Enterprise
mailing list