[cabfpub] Revocation ballot v2
Ryan Sleevi
sleevi at google.com
Wed Aug 23 19:09:30 UTC 2017
To make sure I'm summarizing the meaningful change:
- 7 days upon when a CA itself decides a violation (e.g. CA failing to
follow its CP/CPS or the Baseline Requirements)
- 14 days (up to 7 days for investigation/confirmation) for an external
report of a CA violating its CP/CPS
- 7 days for investigation & FINAL report
- While still requiring that CAs MUST NOT exceed 7 days from that
determination to revoke
And not requiring any transparency for reports the CA determines are 'not
valid', right? Meaning any problem reporter who feels the CA's response is
inadequate must, as they do today, escalate to Application Software
Suppliers.
Did I properly summarize? I want to make sure I parse it right (the "MUST
not" was subtle, for example, in part due to non-2119 capitalization),
particularly that the CA must still revoke within a total of 14 days for
externally-reported-and-confirmed issues.
On Wed, Aug 23, 2017 at 2:56 PM, Jeremy Rowley via Public <
public at cabforum.org> wrote:
> Attached is a revised version of the revocation ballot. This leaves the
> revocation deadline at 24 hours for key compromise, but gives CAs a week to
> respond to other issues. Pretty sure I don’t need to preface where this
> proposal is coming from.
>
>
>
> Thoughts?
>
> Jeremy
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170823/115f2d23/attachment-0003.html>
More information about the Public
mailing list