[cabfpub] Ballot for limited exemption to RFC 5280 for CTimplementation

Rob Stradling rob.stradling at comodo.com
Thu Sep 18 20:47:05 UTC 2014


On 18/09/14 21:25, Erwann Abalea wrote:
<snip>
> "A PreCert is NOT a cert intended to comply with RFC5280." is a
> dangerous argument. What if a CA caught while producing non {BR,RFC5280}
> compliant certificates replies "these certificates were not intended to
> comply with {BR,RFC5280}"? Would that be an acceptable answer?

Clearly not.  DigiNotar didn't even intend to issue those bad certs in 
2011, let alone intend them to comply with RFC5280!

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



More information about the Public mailing list