[cabfpub] To revoke or not to revoke 1024
Rick Andrews
Rick_Andrews at symantec.com
Mon Jun 24 07:39:41 UTC 2013
Eddy, that's what I assumed too, but that is not everyone's interpretation. Tom from Microsoft, for example, has similar language in his policy but he said it doesn't imply that we CAs must revoke.
-Rick
On Jun 23, 2013, at 10:11 PM, "Eddy Nigg (StartCom Ltd.)" <eddy_nigg at startcom.org<mailto:eddy_nigg at startcom.org>> wrote:
On 06/23/2013 10:32 PM, From Rick Andrews:
1. Mozilla’s policy seems to be similar – it says that such certs must expire by January 1, 2014, but it does not mandate that CAs revoke any such certs that would live beyond that date.
Something doesn't make sense here....if the certificates MUST expire by a certain date, there can't be any certificates with that requirement after that. I assume this means that certificates that are still valid should be revoked, otherwise a CA can't guaranty that such certificates aren't used anymore (which it shouldn't have issued in first place or taken care of it they had a longer lifetime).
However the key is probably the must expire by clause which makes it binding. Meaning no more certificates with those properties after X.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd.<http://www.startcom.org>
XMPP: startcom at startcom.org<xmpp:startcom at startcom.org>
Blog: Join the Revolution!<http://blog.startcom.org>
Twitter: Follow Me<http://twitter.com/eddy_nigg>
<smime.p7s>
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130624/2bf0443e/attachment-0003.html>
More information about the Public
mailing list