[cabfpub] Misissuance of certificates
Ryan Sleevi
sleevi at google.com
Wed Jan 27 19:14:46 UTC 2016
Google is happy to endorse.
On Wed, Jan 27, 2016 at 3:50 AM, Sigbjørn Vik <sigbjorn at opera.com> wrote:
> Hi all,
>
> I think the discussion on this topic has been great, and the proposed
> ballot has had several improvements as a result. I think it is time we
> put it to a ballot. The text is as below, I am looking for two endorsers.
>
>
> 2.2.1 Notification of incorrect issuance
>
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation. A link to the report SHALL
> simultaneously be sent to incidents at cabforum.org.
>
> Effective 01-Jul-16, the CA SHALL in its Certificate Policy and/or
> Certification Practice Statement announce where such reports will be
> found. The location SHALL be as accessible as the CP/CPS.
>
> The report SHALL publicize details about what the error was, what caused
> the error, time of issuance and discovery, and public certificates for
> all issuer certificates in the trust chain.
>
> The report SHALL publicize the full public certificate, with the
> following exception: For certificates issued prior to 01-Mar-16 the
> report MAY truncate Subject Distinguished Name fields and subjectAltName
> extension values to the registerable domain name.
>
> The report SHALL be made available to the CAs Qualified Auditor for the
> next Audit Report.
>
>
> --
> Sigbjørn Vik
> Opera Software
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160127/5b04b2d1/attachment-0003.html>
More information about the Public
mailing list