[cabfpub] Misissuance of certificates

Sigbjørn Vik sigbjorn at opera.com
Wed Dec 2 05:02:45 MST 2015


On 02-Dec-15 12:30, Rob Stradling wrote:
> On 02/12/15 11:10, Sigbjørn Vik wrote:
> <snip>
>> A reworded proposal would then be e.g.:
>>
>> ====
>> 2.2.1 Information of incorrect issuance
>>
>> In the event that a CA issues a certificate in violation of these
>> requirements, the CA SHALL publicly disclose a report within one week of
>> becoming aware of the violation.
>>
>> public at cabforum.org SHALL be informed about the report, if the CA cannot
>> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
>> list.
>>
>> The report SHALL include details about what the error was, what caused
>> the error, time of issuance and discovery, and public certificates for
>> all issuer certificates in the trust chain.
>>
>> The report SHALL contain the full public certificate,
> 
> Hi Sigbjørn.
> 
> "The report SHALL _include_ ... public certificates for all issuer
> certificates in the trust chain" and "The report SHALL _contain_ the
> full public certificate" seems to imply that reports cannot _reference_
> other publicly accessible systems (such as https://crt.sh) that provide
> this information.
> 
> Is that the intent?  (I'm hoping it isn't).

The intent is that the report makes the information public. I suggest
changing "include" to "publicize"; that ought to take care of your concern.

-- 
Sigbjørn Vik
Opera Software

