[cabfpub] To revoke or not to revoke 1024

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Sun Jun 23 22:05:27 UTC 2013

Most or all of the 1024 certificates were issued before the Baseline Requirements became effective, so the BRs didn’t apply to the issuance of those certs.  If the Forum had intended that all 1024 certs issued before the BRs became effective had to be revoked by 12/31/2013, the BRs could have stated that – but they didn’t.  In our view, there is therefore no requirement to revoke those certs now.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Sunday, June 23, 2013 1:09 PM
To: public at cabforum.org
Subject: Re: [cabfpub] To revoke or not to revoke 1024

On 06/23/2013 10:32 PM, From Rick Andrews:
a.        Mozilla’s policy seems to be similar – it says that such certs must expire by January 1, 2014, but it does not mandate that CAs revoke any such certs that would live beyond that date.

Something doesn't make sense here....if the certificates MUST expire by a certain date, there can't be any certificates with that requirement after that. I assume this means that certificates that are still valid should be revoked, otherwise a CA can't guaranty that such certificates aren't used anymore (which it shouldn't have issued in first place or taken care of it they had a longer lifetime).

However the key is probably the must expire by clause which makes it binding. Meaning no more certificates with those properties after X.



Eddy Nigg, COO/CTO

StartCom Ltd.<http://www.startcom.org>


startcom at startcom.org<xmpp:startcom at startcom.org>


Join the Revolution!<http://blog.startcom.org>


Follow Me<http://twitter.com/eddy_nigg>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130623/28ab52b3/attachment-0003.html>

More information about the Public mailing list