[cabfpub] Revocation ballot v2
Adriano Santoni
adriano.santoni at staff.aruba.it
Wed Aug 23 22:39:54 MST 2017
The problem I see with mandating an email address as the only way to
report a problem to the CA is that mailboxes are subject to spamming.
Our certificate problem reporting mailbox is being targeted to spam more
and more, lately, and it is not always easy and quick to tell apart real
problem reports and spam.
Il 24/08/2017 02:45, Gervase Markham via Public ha scritto:
> On 23/08/17 17:39, Jeremy Rowley via Public wrote:
>> “Certificate Problem Report: A complaint of suspected Key Compromise,
>> Certificate misuse, or other types of fraud, compromise, misuse, or
>> inappropriate conduct related to Certificates that is sent to an email
>> address publicly specified in the CA’s repository. “
> I think that if we want to mandate that the CA's Problem Reporting
> Mechanisms include at minimum an email address, we should say that in
> the relevant section, rather than slip it in here.
>
> I would be in support of such a change. :-) We are considering it for
> Mozilla policy. People currently find it too difficult to send reports
> to multiple CAs, having to cope with lots of different mechanisms.
>
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170824/66fb64ea/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4025 bytes
Desc: Firma crittografica S/MIME
URL: <http://cabforum.org/pipermail/public/attachments/20170824/66fb64ea/attachment.p7s>
More information about the Public
mailing list