[cabfpub] Revocation revamp

Rob Stradling rob.stradling at comodo.com
Wed Mar 25 13:22:45 UTC 2015

On 25/03/15 13:11, Ben Laurie wrote:
> On the subject of revocation, I was wondering how one would go about
> revoking a mis-issued cert detected through CT. I picked a couple of
> random CAs and tried to find out how I might report that they'd
> mis-issued a cert for my site. I completely failed.
> Do the BRs say anything about this?

13.  Certificate Revocation and Status Checking

13.1  Revocation

13.1.1  Revocation Request
The CA SHALL provide a process for Subscribers to request revocation of 
their own Certificates. The process MUST be described in the CA’s 
Certificate Policy or Certification Practice Statement. The CA SHALL 
maintain a continuous 24x7 ability to accept and respond to revocation 
requests and related inquiries.

13.1.2  Certificate Problem Reporting
The CA SHALL provide Subscribers, Relying Parties, Application Software 
Suppliers, and other third parties with clear instructions for reporting 
suspected Private Key Compromise, Certificate misuse, or other types of 
fraud, compromise, misuse, inappropriate conduct, or any other matter 
related to Certificates. The CA SHALL publicly disclose the instructions 
through a readily accessible online means.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the Public mailing list