[cabfpub] Misissuance of certificates
Sigbjørn Vik
sigbjorn at opera.com
Tue Jan 5 15:19:03 UTC 2016
How about the following:
public at cabforum.org SHALL be informed about the report. If the CA cannot
post directly, it SHALL inform questions at cabforum.org, and the CA/B
Forum chair SHALL forward to the list.
On 05-Jan-16 16:10, Dean Coclin wrote:
> Commenting on this part:
>
> "public at cabforum.org SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list."
>
> If a CA is not a member of the forum, they won't have public list posting
> privileges and may not know the email address of the Chair/Vice Chair (they
> are not posted on our website). Hence I would suggest they email the
> "questions" list
>
> Dean
>
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Sigbjørn Vik
> Sent: Friday, December 18, 2015 9:08 AM
> To: public at cabforum.org
> Subject: Re: [cabfpub] Misissuance of certificates
>
> Hi,
>
> The discussion on this topic seems to have died down, I hope that means we
> can proceed to a ballot. Anyone willing to endorse?
>
> The suggested exception for constrained intermediates did not seem to solve
> the problem it was intended to solve, and nobody spoke up for it, so I have
> removed it. The text would then be:
>
>
> 2.2.1 Information of incorrect issuance
>
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation.
>
> public at cabforum.org SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list.
>
> The report SHALL publicize details about what the error was, what caused the
> error, time of issuance and discovery, and public certificates for all
> issuer certificates in the trust chain.
>
> The report SHALL publicize the full public certificate, with the following
> exception: For certificates issued prior to 01-Mar-16 the report MAY leave
> out Subject Distinguished Name fields and subjectAltName extension values.
>
> The report SHALL be made available to the CAs Qualified Auditor for the next
> Audit Report.
>
> --
> Sigbjørn Vik
> Opera Software
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
--
Sigbjørn Vik
Opera Software
More information about the Public
mailing list