[cabfpub] Revocation Information
Erwann Abalea
erwann.abalea at opentrust.com
Thu Sep 25 02:20:49 MST 2014
Bonjour Ryan,
Le 23/09/2014 19:04, Ryan Sleevi a écrit :
> Isn't there two aspects at play here? The first is the CRL for the
> technically constrained subCA. Since that subCA has to be disclosed to
> Moz (as part of the Moz program + Audit requirements), revoking that
> subCA 'should' also be a public act and uncontroversially so.
Extract from Mozilla inclusion policy:
All certificates that are capable of being used to issue new
certificates, and which directly or transitively chain to a certificate
included in Mozilla’s CA Certificate Program, MUST be operated in
accordance withMozilla’s CA Certificate Policy
<https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/>and
MUST either be*technically constrained*or be*publicly disclosed and
audited.*
Pretty clear.
CABForum BR only requires a regular quality assessment for technically
constrained subordinate CAs, performed by the issuing CA. No disclosure
of the CA is required.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140925/c9d67c85/attachment.html
More information about the Public
mailing list