[cabfpub] Misissuance of certificates
Rob Stradling
rob.stradling at comodo.com
Wed Dec 2 11:30:12 UTC 2015
On 02/12/15 11:10, Sigbjørn Vik wrote:
<snip>
> A reworded proposal would then be e.g.:
>
> ====
> 2.2.1 Information of incorrect issuance
>
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation.
>
> public at cabforum.org SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list.
>
> The report SHALL include details about what the error was, what caused
> the error, time of issuance and discovery, and public certificates for
> all issuer certificates in the trust chain.
>
> The report SHALL contain the full public certificate,
Hi Sigbjørn.
"The report SHALL _include_ ... public certificates for all issuer
certificates in the trust chain" and "The report SHALL _contain_ the
full public certificate" seems to imply that reports cannot _reference_
other publicly accessible systems (such as https://crt.sh) that provide
this information.
Is that the intent? (I'm hoping it isn't).
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list