[cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Tue Aug 6 21:43:38 UTC 2013

Ryan and Eddy - if it was anyone's intention to put CAs in the position of breach of contract with their existing customers for long-term certificates they had issued pre-BR (by effectively prohibiting them under the BRs from reissuing an existing long term cert for the balance of the cert validity period, as the CAs had agreed to do with their customers by contract), that was never made clear by anyone.

If it had been made clear, I doubt many CAs would have supported that position.  We don't think that's a common-sense interpretation of the current BRs.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, August 06, 2013 11:16 AM
To: Eddy Nigg (StartCom Ltd.)
Cc: public at cabforum.org >> public at cabforum.org
Subject: Re: [cabfpub] Concerns regarding Mozilla Root Program/Baseline Requirements

On Tue, Aug 6, 2013 at 9:42 AM, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:

On 08/03/2013 12:28 AM, kirk_hall at trendmicro.com wrote:

We also agree.  We were part of all BR discussions, and the effect of rekeying was never discussed.

There is no such thing, it simply doesn't exist! There is only a certificate that is either valid, expired or revoked, and every time a certificate is issued it's a NEW certificate. It has a new serial number and signature hash... and it may have similar properties as another certificate, but it will never be the same certificate. Every time a CA issues a certificate it's a NEW certificate no matter what.

And in this respect it must always comply with the relevant requirements and standards. The word "rekeying" is something CAs invented but it doesn't really exist - there is no certificate like the other and if there was we'd have far bigger problems now.

This was certainly our understanding as well.



Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>

