Expiration for certificate management


This proposes that certificates we create have a fixed expiry date
that can be inspected by applications.  The actual value that is set
is up to browser discretion.

It's a small change, but one that should allow browsers to move away
from crypto that is discovered to be bad without causing too much

p.s., Apparently the certificate management changes I proposed have
been merged, but I can't see them online.  The editor's copy is
outdated.  Other specs are now editing directly on gh-pages, which
means that the editor's copy is actually current, as opposed to some
arbitrarily old copy.  I just looked at the process that is being used
here and it's quite an unusual process.  I can only ask: why?  It's
got to be much more work this way.

Received on Friday, 29 May 2015 00:16:32 UTC