[cabfpub] Ballot for limited exemption to RFC 5280 for CTimplementation

Rob Stradling rob.stradling at comodo.com
Thu Sep 18 20:47:05 UTC 2014

On 18/09/14 21:25, Erwann Abalea wrote:
> "A PreCert is NOT a cert intended to comply with RFC5280." is a
> dangerous argument. What if a CA caught while producing non {BR,RFC5280}
> compliant certificates replies "these certificates were not intended to
> comply with {BR,RFC5280}"? Would that be an acceptable answer?

Clearly not.  DigiNotar didn't even intend to issue those bad certs in 
2011, let alone intend them to comply with RFC5280!

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list