CSC-27 Reduce signing cert validity #42

Open
ianjmcm wants to merge 2 commits into cabforum:main from ianjmcm:CSC-27-ReduceSigningCertValidity

ianjmcm commented Nov 21, 2024

Considering the potential broad impacts of a revocation action with a Code Signing Certificate issued to the current max validity of 39 months, I’d like to propose we reduce the max validity to 460 days (~15 months). This would reduce the amount of potentially impacted good code signed by a victim of a takeover attack and help limit the time an attacker has to abuse a Code Signing Certificate. With that in mind, I’d like to propose the following language to be added to reduce the max validity for Code Signing Certificates to 460 days which includes an effective date of June 15, 2025, for all newly issued Code Signing Certificates.

3 participants