View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001482||Infrastructure host||general||public||2020-06-27 09:30||2020-08-09 09:25|
|Summary||0001482: Limit validity period of new HTTPS certificates to one year|
|Description||According to the German article from Heise (1), most browser manufacturers will not accept HTTPS certificates anymore after September 1, 2020, if they have a validity period longer than one year. This article mentions other sources from Apple (2) and Google (3) regarding this decision.|
CAcert should respect this constraint when issueing SSL server certificates. It could be hard-coded, or the user may be able to select if the certificate has a validity period of e.g. 6 months, 1 year or 2 years.
|Tags||No tags attached.|
I have read the comments at Heise and come to the following conclusion:
1. we have to reduce the validity period from September 1 to 398 days (or 396 days - one day margin and every four years leap year)
2. if feasible, offer the validity period at the same time - otherwise later if possible - selectable:
As SaT says: 6/12 months (for web), but also 2/3/ev.5 years for other applications.
See among others the following article at Heise:
(they write about smtp, imap, ftp, ldap, xmpp, stunnel, and others)
The selection (e.g. radio button) must clearly state "for all purposes, incl. https" or "not suitable for websites/https" next to the duration.
I just had a look at Apple's page cited above. There the Statement is "This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS."
Chromium's statement is "Enforce publicly trusted TLS server certificates ...", which is not as specific as Apple's, but could be interpreted the same way...
|2020-06-27 09:30||SaT||New Issue|
|2020-06-27 09:30||SaT||Assigned To||=> jandd|
|2020-06-27 13:11||L10N||Note Added: 0005894|
|2020-06-27 14:15||Ted||Relationship added||related to 0000775|
|2020-06-27 14:22||Ted||Relationship added||related to 0001464|
|2020-08-07 22:47||L10N||Relationship added||has duplicate 0001494|
|2020-08-09 09:25||Ted||Note Added: 0005900|