[cabfpub] Misissuance of certificates

Dean Coclin Dean_Coclin at symantec.com
Fri Oct 30 18:46:52 UTC 2015

I don't believe the ISWG is doing anything specific to this, Ben?

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Sigbjørn Vik
Sent: Friday, October 30, 2015 11:09 AM
To: Barreira Iglesias, Iñigo; public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates

Could anyone in the information sharing working group comment if this is a duplicate effort already covered there, or worthy of a separate ballot?

On 29-Oct-15 08:35, "Barreira Iglesias, Iñigo" wrote:
> Hi,
> It seems to me that this request is one of the aspects the "information sharing" working group is trying to achieve, I don't remember if publicly for the whole world or just for the CABF members.
> Iñigo Barreira
> Head of the Technical Area
> i-barreira at izenpe.eus
> 945067705
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Sigbjørn Vik
> Sent: Wednesday, October 28, 2015 16:41
> To: public at cabforum.org
> Subject: [cabfpub] Misissuance of certificates
> It occasionally happens that a CA misissues a certificate. To improve the certificate ecosystem, we would like information about such incidents to be publicly available. This will allow CAs to learn from others' mistakes, increase transparency, and allow users and vendors to take appropriate countermeasures and determine the trustworthiness of CAs. Over time, this might also indirectly result in fewer misissuances.
> Opera proposes adding text like the following to the BRs.
> In the event that a CA issues a certificate in violation of these requirements, the CA SHALL publicly disclose a report within one week of becoming aware of the violation. public at cabforum.org SHALL be informed about the report, and it SHALL include details about what caused the issuance, time of issuance and discovery, as well as the full public certificate. The report SHALL be made available to the CA's Qualified Auditor for the next Audit Report.
> A CA might still prefer to fix their issues silently, without letting the public know that it had misissued certificates. This amendment does not fix that issue directly. If such misissuance were discovered later, either through CT, through the auditor, or otherwise, the CA would be forced to issue full information. This would still be beneficial in itself, and it would incentivize CAs to avoid misissuance, and be open about it should it happen.
> --
> Sigbjørn Vik
> Opera Software
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

Sigbjørn Vik
Opera Software