Skip to content

Don't require CAs to cap lifetime or check CAA until May 1.#396

Merged
jyasskin merged 1 commit intoWICG:masterfrom
jyasskin:caa-timeline
Mar 1, 2019
Merged

Don't require CAs to cap lifetime or check CAA until May 1.#396
jyasskin merged 1 commit intoWICG:masterfrom
jyasskin:caa-timeline

Conversation

@jyasskin
Copy link
Member

@jyasskin jyasskin commented Feb 8, 2019

This makes it clear that existing CAs aren't breaking any rules just because I changed the draft.

sleevi
sleevi approved these changes Feb 8, 2019
View reviewed changes
Copy link

@sleevi sleevi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good spot.

While certificate lifetimes can be 'easily' changed by altering CA's certificate issuing profile, the CAA enforcement will actually require changes to the validation infrastructure, so it makes sense to clearly phase this in for CAs that have or are implementing support, while also setting clear expectations about what the end state will look like.

@jyasskin
Copy link
Member Author

jyasskin commented Feb 8, 2019

It was @clintwilson's spot, to be clear. :)

@twifkak
Copy link
Collaborator

twifkak commented Feb 21, 2019

FYI this updates #377 for #383. (just for the auto-backlinks)

@jyasskin jyasskin merged commit d39b537 into WICG:master Mar 1, 2019
@jyasskin jyasskin deleted the caa-timeline branch March 1, 2019 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sleevi sleevi sleevi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jyasskin @twifkak @sleevi