“That is fully what we were expecting,” said Jon Nelson, a principal advisory director at Info-Tech Research Group. “[But] I do query the motives of the group. They’re doing this under the auspices of reducing risk, but I query if that’s the actual reason. Do the people making up this group have a conflict of interest in that this move could generate additional revenue for his or her firms?”
Although the group voted overwhelmingly to approve the change, with zero “No” votes, not every member agreed with the choice; five members abstained.
Tim Callan, the chief compliance officer at Sectigo and vice chair of the CA/Browser Forum, said that one among the certificate authority (CA) members who abstained, who he declined to discover, wrote a note to the group. Callan said it read, “now we have mixed feelings about this. We’re in favor in principle. Nevertheless, we’re unconvinced that essentially the most restrictive terms are essential, to go all of the best way all the way down to 47 days.”
