[cabfpub] Misissuance of certificates

Sigbjørn Vik sigbjorn at opera.com
Wed Jan 27 11:50:52 UTC 2016

Hi all,

I think the discussion on this topic has been great, and the proposed 
ballot has had several improvements as a result. I think it is time we 
put it to a ballot. The text is as below; I am looking for two endorsers.

2.2.1 Notification of incorrect issuance

In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation. A link to the report SHALL
simultaneously be sent to incidents at cabforum.org.

Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
Certification Practice Statement announce where such reports will be
found. The location SHALL be as accessible as the CP/CPS.

The report SHALL publicize details about what the error was, what caused
the error, time of issuance and discovery, and public certificates for
all issuer certificates in the trust chain.

The report SHALL publicize the full public certificate, with the
following exception: For certificates issued prior to 01-Mar-16 the
report MAY truncate Subject Distinguished Name fields and subjectAltName
extension values to the registerable domain name.

The report SHALL be made available to the CA's Qualified Auditor for the
next Audit Report.

Sigbjørn Vik
Opera Software
