[cabfpub] Revocation ballot v2

Jeremy Rowley jeremy.rowley at digicert.com
Wed Aug 23 20:32:18 MST 2017


Okay - attached.

a) I added the requirement to maintain an email address for addressing certificate problem reports to 4.9.3.
b) I added a 24-hour rule for when the original certificate request was not authorized.

If I have everything, I'm looking for two endorsers on this one.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Wednesday, August 23, 2017 6:47 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Revocation ballot v2

On 23/08/17 11:56, Jeremy Rowley via Public wrote:
> Attached is a revised version of the revocation ballot. This leaves 
> the revocation deadline at 24 hours for key compromise, but gives CAs 
> a week to respond to other issues. Pretty sure I don’t need to preface 
> where this proposal is coming from.

This seems pretty excellent. The only issue is, as you say, if it turns out that a cert is issued to the wrong person, 8 days seems long. Could we say that if the CA determines that the cert is issued to the wrong person, they must immediately revoke within 24 hours; they don't get the remainder of the 7 days before having to revoke? Not perhaps easily enforceable, but a commendation of good practice.

Gerv

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Revocation-Time-Revision-Ballot v2.doc
Type: application/msword
Size: 45568 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170824/1427a9a8/attachment-0001.doc>