[cabfpub] To revoke or not to revoke 1024
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Sun Jun 23 20:08:37 UTC 2013
On 06/23/2013 10:32 PM, From Rick Andrews:
>
> 1. Mozilla’s policy seems to be similar – it says that such certs
> must expire by January 1, 2014, but it does not mandate that CAs
> revoke any such certs that would live beyond that date.
>
Something doesn't make sense here....if the certificates MUST expire by
a certain date, there can't be any certificates with that requirement
after that. I assume this means that certificates that are still valid
should be revoked, otherwise a CA can't guaranty that such certificates
aren't used anymore (which it shouldn't have issued in first place or
taken care of it they had a longer lifetime).
However the key is probably the /must expire by/ clause which makes it
binding. Meaning no more certificates with those properties after X.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130623/2462dfdf/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130623/2462dfdf/attachment-0001.p7s>
More information about the Public
mailing list