[cabfpub] Misissuance of certificates

Dean Coclin Dean_Coclin at symantec.com
Tue Jan 5 15:10:07 UTC 2016


Commenting on this part: 

"public at cabforum.org SHALL be informed about the report, if the CA cannot
post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
list."

If a CA is not a member of the forum, they won't have public list posting
privileges and may not know the email address of the Chair/Vice Chair (they
are not posted on our website). Hence I would suggest they email the
"questions" list.

Dean

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Sigbjørn Vik
Sent: Friday, December 18, 2015 9:08 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates

Hi,

The discussion on this topic seems to have died down, I hope that means we
can proceed to a ballot. Anyone willing to endorse?

The suggested exception for constrained intermediates did not seem to solve
the problem it was intended to solve, and nobody spoke up for it, so I have
removed it. The text would then be:


2.2.1 Information of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation.

public at cabforum.org SHALL be informed about the report, if the CA cannot
post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
list.

The report SHALL publicize details about what the error was, what caused the
error, time of issuance and discovery, and public certificates for all
issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the following
exception: For certificates issued prior to 01-Mar-16 the report MAY leave
out Subject Distinguished Name fields and subjectAltName extension values.

The report SHALL be made available to the CA's Qualified Auditor for the next
Audit Report.

--
Sigbjørn Vik
Opera Software