[cabfpub] Revocation ballot v2
Gervase Markham
gerv at mozilla.org
Wed Aug 23 17:46:34 MST 2017
On 23/08/17 11:56, Jeremy Rowley via Public wrote:
> Attached is a revised version of the revocation ballot. This leaves the
> revocation deadline at 24 hours for key compromise, but gives CAs a week
> to respond to other issues. Pretty sure I don’t need to preface where
> this proposal is coming from.
This seems pretty excellent. The only issue is, as you say, if it turns
out that a cert is issued to the wrong person, 8 days seems long. Could
we say that if the CA determines that the cert is issued to the wrong
person, they must immediately revoke within 24 hours; they don't get the
remainder of the 7 days before having to revoke? Not perhaps easily
enforceable, but a commendation of good practice.
Gerv
More information about the Public
mailing list