CertificateTransparency icon indicating copy to clipboard operation
CertificateTransparency copied to clipboard
verified publisher icon GoogleChrome

Define "CT Qualified" in terms of Days, not Months

Open sleevi opened this issue 8 years ago • 2 comments

Currently, the number of SCTs related to the Lifetime of Certificate is defined in months. However, this leaves it ambiguous as to how to calculate it.

Several possible interpretations have been arrived at:

  • Treating every month as 31 days, thus 15 months is 465 days
  • Treating 15 months as the maximum legitimate period (366 days, followed by a 3 months sequence of July/Aug/Sept at 31 + 31 + 30), or 458 days
  • A complex scheme of rounding, such that: (notAfter.year - notBefore.year) * 12 + (notAfter.month - notBefore.month), and then subtracting one if notAfter.day < notBefore.day.

Expressing this in days is seen as least ambiguous.

For Chrome, this is https://bugs.chromium.org/p/chromium/issues/detail?id=713362

sleevi avatar Apr 24 '17 20:04 sleevi

List discussion: https://groups.google.com/a/chromium.org/d/msg/ct-policy/bw8HBjFZLr0/YJDq4hsFBQAJ

sleevi avatar Apr 25 '17 14:04 sleevi

In the spirit of simplifying implementation and reducing ambiguity, we're changing the CT Qualified table to reflect certificate lifetimes in terms of days, not months. The second of the above three interpretations was chosen for month-to-day conversion:

  • Treating 15 months as the maximum legitimate period (366 days, followed by a 3 months sequence of July/Aug/Sept at 31 + 31 + 30), or 458 days

The other ranges are listed in the following comment in the Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=713362#c3

devonobrien avatar Oct 23 '17 23:10 devonobrien