[cabfpub] Misissuance of certificates
Sigbjørn Vik
sigbjorn at opera.com
Wed Jan 27 11:50:52 UTC 2016
Hi all,
I think the discussion on this topic has been great, and the proposed
ballot has had several improvements as a result. I think it is time we
put it to a ballot. The text is as below, I am looking for two endorsers.
2.2.1 Notification of incorrect issuance
In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation. A link to the report SHALL
simultaneously be sent to incidents at cabforum.org.
Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
Certification Practice Statement announce where such reports will be
found. The location SHALL be as accessible as the CP/CPS.
The report SHALL publicize details about what the error was, what caused
the error, time of issuance and discovery, and public certificates for
all issuer certificates in the trust chain.
The report SHALL publicize the full public certificate, with the
following exception: For certificates issued prior to 01-Mar-16 the
report MAY truncate Subject Distinguished Name fields and subjectAltName
extension values to the registerable domain name.
The report SHALL be made available to the CAs Qualified Auditor for the
next Audit Report.
--
Sigbjørn Vik
Opera Software
More information about the Public
mailing list