[cabfpub] Misissuance of certificates

Gervase Markham gerv at mozilla.org
Wed Oct 28 15:47:46 UTC 2015

On 28/10/15 15:40, Sigbjørn Vik wrote:
> A CA might still prefer to fix their issues silently, without letting
> the public know that it had misissued certificates. This amendment does
> not fix that issue directly.

Why not? Presumably silently fixing an issue in this way would now be a
BR violation, which would lead to a failed audit?

> If such misissuance were discovered later,
> either through CT, through the auditor, or otherwise, the CA would be
> forced to issue full information. 

By what mechanism? Your proposed text doesn't seem to cover this case.

