CSC-31: Maximum Validity Reduction (#48)

* Update CSBR.md for proposed validity period change

Updating to mostly match ian's original verbiage. However, given that we want at least 6 months to reflect the change after enforcmeent, setting the date to January 1st of 2026 instead of the original June 15th of 2025

* Update CSBR.md

removing previous line to avoid confusion, and updating to March

* Update docs/CSBR.md

accepting change in verbiage to be clear on certificate life for certificates issued before

Co-authored-by: Corey Bonnell <dev@cbonnell.com>

* Update docs/CSBR.md

removing an extra space

Co-authored-by: Corey Bonnell <dev@cbonnell.com>

---------

Co-authored-by: Corey Bonnell <dev@cbonnell.com>

Author: nasantia

docs/CSBR.md

@@ -2029,7 +2029,7 @@ CAs SHALL ensure that the Subscriber’s Private Key is generated, stored, and u
 
 Subscribers and Signing Services MAY sign Code at any point in the development or distribution process. Code Signatures may be verified at any time, including during download, unpacking, installation, reinstallation, or execution, or during a forensic investigation.
 
-The validity period for a Code Signing Certificate issued to a Subscriber or Signing Service MUST NOT exceed 39 months.
+For Code Signing Certificates issued before March 1st, 2026, the validity period MUST NOT exceed 39 months. For Code Signing Certificates issued on or after March 1st, 2026, the validity period MUST NOT exceed 460 days.
 
 The Timestamp Certificate validity period MUST NOT exceed 135 months. The Timestamp Certificate Key Pair MUST meet the requirements in [Section 6.1.5](#615-key-sizes). The CA or Timestamp Authority SHALL NOT use a Private Key associated with a Timestamp Certificate more than 15 months after the `notBefore` date of a Timestamp Certificate.