[Cscwg-public] Proposal to make changes to revocation based on malware

Tim Hollebeek tim.hollebeek at digicert.com
Fri Jul 15 16:18:07 UTC 2022


What is the motivation for allowing a waiver if approved by just “at least one” of the stakeholders, instead of all of them?

I’m a bit concerned that language might be increasingly troublesome as we continue to expand the scope and participation of this group.

Similarly, I’m unsure how I feel about making compliance distinctions based on whether a particular root program has decided to have a contractual relationship with its issuers or not.  That seems like an implementation detail of the relationship that the guidelines should remain silent on.  But I appreciate what that definition is intended to do, and would like to perhaps find a different way to express the same intent.

-Tim

From: Cscwg-public <cscwg-public-bounces at cabforum.org> On Behalf Of Martijn Katerbarg via Cscwg-public
Sent: Monday, June 27, 2022 10:04 AM
To: cscwg-public at cabforum.org
Subject: [Cscwg-public] Proposal to make changes to revocation based on malware

All,

As already hinted during the last meeting during the F2F, Ian and I have been working on a proposal affecting the guidelines regarding malware-based revocation.

The intent of this change is to:

  *   Limit the number of days before a certificate needs to be revoked, especially when the subscriber is not responding to inquiries
  *   Remove the OCSP log analysis requirements
  *   Simplify the process that has to be followed

I have attached 3 documents: one with the current language, one with the proposed language, as well as a redlined version.

The changes have been made based on upcoming version 3.0 of the CSCBRs. In case you wish to compare with version 2.8, the relevant section is 13.1.5.3. Besides that section, there is also a change to the “Suspect Code” definition, as well as a new definition in the proposal.
Once PR6<https://github.com/cabforum/code-signing/pull/6> has been merged, I will also prepare the changes in GIT for those that prefer comparing there.

Looking forward to comments on this and moving towards a potential ballot.

Regards,

Martijn