[cabfpub] Revised document for Ballot 89 - Adopt Requirements for the Processing of EV SSL Certificates v.2

Rick Andrews Rick_Andrews at symantec.com
Tue Oct 16 22:00:26 UTC 2012


> Are CAs (or is Symantec) now taking the position that they revoke certs
> which contain correct identity information but are being used on sites
> which engage in illegal activity? What definition of "illegal" are you
> using?

Gerv, yes, Symantec does revoke certs that we believe are being used fraudulently. I can't give you the definition of "illegal" that we use. It generally starts with our Threat Intel team, which feeds the info to a relevant Product Manager who makes the call after considering impact to the customer and others. It's more commonly done for code signing certs, but occasionally for SSL certs.

-Rick


More information about the Public mailing list