[cabfpub] To revoke or not to revoke 1024

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sun Jun 23 13:08:37 MST 2013


On 06/23/2013 10:32 PM, From Rick Andrews:
>
>  1. Mozilla’s policy seems to be similar – it says that such certs
>     must expire by January 1, 2014, but it does not mandate that CAs
>     revoke any such certs that would live beyond that date.
>

Something doesn't make sense here... if the certificates MUST expire by 
a certain date, there can't be any certificates with that requirement 
after that. I assume this means that certificates that are still valid 
should be revoked, otherwise a CA can't guarantee that such certificates 
aren't used anymore (which it shouldn't have issued in the first place or 
taken care of if they had a longer lifetime).

However the key is probably the /must expire by/ clause which makes it 
binding. Meaning no more certificates with those properties after X.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

