Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] Points

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] Points


Chronological Thread 
  • From: Duane <duane AT cacert.org>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] Points
  • Date: Mon, 29 Jan 2007 15:24:17 -0500
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

Philipp Gühring wrote:

Client certificates expire after 730 days (= 2 years) for assured people, and after 180 days (= 6 months) for unassured people.

Server certificates expire after 365 days (= 1 year).

This doesn't follow current policy, and I was hoping you were going to post a correction email.

Current policy is:

Client certificates are always 365 days, server certificates are 180 or 730.

The reasons for the ways things are is because:

Servers are usually more secured which is why we allow up to 2 years, however to encourage people to become assured we limit them to 6 months, and because Thawte issued cli certs for 12 months regardless of status it was felt we had to as well or people would simply go "Why would I only want to get a 6 month certificate".

I personally see no reason to change anything, most desktops are less secure, but the downside to reducing certificate length is adding annoyance to the user to keep coming back to get a new cert which may still act as a disincentive to get new users.

--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."




Archive powered by MHonArc 2.6.16.

Top of Page