[cabfpub] Revocation Timeframe Ballot Language

Ryan Sleevi sleevi at google.com
Tue May 2 16:56:02 MST 2017


It probably comes as no surprise to anyone in the Forum that I'm not a big
fan of a blanket policy for CA discretion, much like the any other method
concerns :)

Jeremy previously had a pretty good draft here, but didn't go forward with
it. That's captured in
https://cabforum.org/pipermail/public/2015-March/005312.html

Are there new concerns why that approach wouldn't work?

On Tue, May 2, 2017 at 7:23 PM, Ben Wilson via Public <public at cabforum.org>
wrote:

> All,
>
>
>
> Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 of
> the Baseline Requirements.  To provide greater flexibility when revoking
> certificates, I am proposing that we remove the 24-hour revocation
> requirement from section 4.9.1.1 and replace it with a criteria-based
> process found in section 4.9.5.  Section 4.9.5 (Time within which CA Must
> Process the Revocation Request) would read:
>
>
>
> The CA SHALL begin an investigation of the facts and circumstances related
> to a Certificate Problem Report or other revocation-related notice within
> one business day of receipt. After reviewing the facts and circumstances,
> the CA SHALL work with any entity reporting the Certificate Problem Report
> or other revocation-related notice to establish a date when the CA will
> revoke the Certificate or take whatever other appropriate action is
> warranted. The date selected by the CA SHOULD consider the following
> criteria:
>
> 1. The nature of the alleged problem (scope, context, severity, magnitude,
> risk of harm);
>
> 2. The consequences of revocation (direct and collateral impacts to
> Subscribers and Relying Parties);
>
> 3. The number of Certificate Problem Reports received about a particular
> Certificate or Subscriber;
>
> 4. The entity making the complaint (for example, a complaint from a law
> enforcement official that a Web site is engaged in illegal activities
> should carry more weight than a complaint from a consumer alleging that she
> didn’t receive the goods she ordered); and
>
> 5. Relevant legislation.
>
>
>
>
>
> Ben