I've always been a proponent of tight cert expiration dates. I really don't like anything much over a year and more like 6 months. Because many certs can be reissued auto-magically, I don't sweat the shorter time spans. Yes, PKI certs are a tad different story, but again, why issue a cert for 3 to 5 years when most employees only last 1.23745 years?
Recently the standards body for browsers proposed a change. A big CA house did not like the new proposal. Personally, I think their reasons for keeping it longer are lame. I'm curious as to what your thoughts are.