Section 3.2.2.4.7 DNS Change of the current v2.2.5 of the Baseline Requirements says:
If a Random Value is used, the CA SHALL provide a Random Value unique to the Certificate request and SHALL not use the Random Value after
- 30 days; or
- if the Applicant submitted the Certificate request, the time frame permitted for reuse of validated information relevant to the Certificate (such as in Section 4.2.1 of these Guidelines or Section 3.2.2.14.3 of the EV Guidelines).
How are these two different methods of computing how long you can use a Random Value meant to be combined? Do we take the lesser of the two values? The greater?
At the time that this text was written, all validation reuse periods specified in Section 4.2.1 were significantly greater than 30 days. Therefore it seems like a safe assumption that we're supposed to take the greater of the two values.
However, this is no longer the case. As of 2029, all validation reuse periods will be lowered to 10 days. At that time, will all Random Values still be usable for 30 days?
We should either clarify this text to explicitly say "...and SHALL not use the Random Value after the greater of..."
Or we should remove the second clause entirely, because I'm very unclear on what purpose it serves, and none of the other validation methods have similar verbiage. All the others just say "The Random Value SHALL remain valid for use in a confirming response for no more than 30 days from its creation."
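To make the ambiguity concrete, here is an added example (not part of the post or of the Baseline Requirements themselves) that encodes both candidate readings of the DNS Change clause as a Random Value expiry check. The 30-day limit and the 10-day 2029 reuse period come from the text above; the 398-day pre-change reuse period is a constructed stand-in for "significantly greater than 30 days".

```python
from datetime import datetime, timedelta, timezone

# Section 3.2.2.4.7 first bullet: a fixed 30-day ceiling on Random Value use.
RANDOM_VALUE_MAX_AGE = timedelta(days=30)


def random_value_deadline(created, applicant_submitted, reuse_period, reading):
    """Last instant at which the Random Value may still be used.

    created             - when the CA generated the Random Value
    applicant_submitted - True if the Applicant submitted the Certificate
                          request; the second bullet only applies in that case
    reuse_period        - the Section 4.2.1 reuse period for validated data
    reading             - "greater" or "lesser": how the two limits combine
    """
    if not applicant_submitted:
        # Only the first bullet can apply, so the two readings cannot differ.
        return created + RANDOM_VALUE_MAX_AGE
    if reading == "greater":
        return created + max(RANDOM_VALUE_MAX_AGE, reuse_period)
    if reading == "lesser":
        return created + min(RANDOM_VALUE_MAX_AGE, reuse_period)
    raise ValueError("reading must be 'greater' or 'lesser'")


def random_value_usable(created, now, applicant_submitted, reuse_period, reading):
    """True if a confirming response received at `now` may still use the value."""
    return now <= random_value_deadline(created, applicant_submitted,
                                        reuse_period, reading)


def deadline_days(reuse_days, applicant_submitted, reading):
    """Usable lifetime of a Random Value, in whole days, under one reading."""
    created = datetime(2029, 1, 1, tzinfo=timezone.utc)  # constructed date
    deadline = random_value_deadline(created, applicant_submitted,
                                     timedelta(days=reuse_days), reading)
    return (deadline - created).days


# Constructed comparison: pre-change (398 days, assumed) vs the 10-day 2029 period.
if __name__ == "__main__":
    for reuse_days in (398, 10):
        for reading in ("greater", "lesser"):
            print(f"reuse={reuse_days:>3}d reading={reading:<7} "
                  f"-> Random Value usable for {deadline_days(reuse_days, True, reading)} days")
```

With the 10-day reuse period the two readings diverge (30 days versus 10 days), which is exactly the question the post raises; before the change they diverged the other way (398 versus 30), so the "greater" reading would have extended Random Value use well beyond 30 days.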