In summary, the proposed certificate maximum lifetime:
- Domain Validation: from 398 to 90 days (same as the Let's Encrypt limit [1])
- Root CA: from 30+ to 7 years
- Subordinate CA: 3 years
[1] https://letsencrypt.org/2015/11/09/why-90-days.html
This makes the web unusable for semi-connected devices. An offline capable mapping app where the app expires so quickly is a nasty lurking time bomb.
In summary, the proposed certificate maximum lifetime:
- Domain Validation: from 398 to 90 days (same as the Let's Encrypt limit [1])
- Root CA: from 30+ to 7 years
- Subordinate CA: 3 years
[1] https://letsencrypt.org/2015/11/09/why-90-days.html