[cabfpub] 9.6.3 and Private Key use

Ben Wilson ben.wilson at digicert.com
Tue Jun 21 14:36:55 UTC 2016


That works.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Tuesday, June 21, 2016 4:14 AM
To: Ben Wilson <ben.wilson at digicert.com>; Josh Aas <josh at letsencrypt.org>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] 9.6.3 and Private Key use

On 20/06/16 19:28, Ben Wilson wrote:
> Reporting and Revocation: An obligation and warranty to:  (a) promptly 
> cease using a Certificate and its associated Private Key if there is 
> any actual or suspected misuse or compromise of the Subscriber’s 
> Private Key associated with the Public Key included in the 
> Certificate; and (b) to promptly request the CA to revoke the 
> Certificate, in the event of (a), or if any information in the 
> Certificate is, or becomes, incorrect or inaccurate.

This is definitely the right sentiment, although the (a) ... (b) ... (a) makes it a bit hard to parse. How about:

Reporting and Revocation: An obligation and warranty to:

(a) promptly request revocation of the Certificate, and cease using it and its associated Private Key, if there is any actual or suspected misuse or compromise of the Subscriber’s Private Key associated with the Public Key included in the Certificate; and

(b) promptly request revocation of the Certificate, and cease using it, if any information in the Certificate is or becomes incorrect or inaccurate.

Gerv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160621/1a296c6a/attachment-0001.p7s>


More information about the Public mailing list