[cabfpub] Revocation Timeframe Ballot Language
Moudrick M. Dadashov
md at ssc.lt
Wed May 3 05:51:06 UTC 2017
Good day,
consider slightly modified p. 16:
The technical content or format of the Certificate *doesn't comply with
the applicable legislation of Subject's jursidiction or* presents an
unacceptable risk to Application Software Suppliers or Relying Parties
(e.g. the CA/Browser Forum might determine that a deprecated
cryptographic/signature algorithm or key size presents an unacceptable
risk and that such Certificates should be revoked and replaced by CAs
within a given period of time).
Thanks,
M.D.
On 5/3/2017 2:23 AM, Ben Wilson via Public wrote:
>
> All,
>
> Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5
> of the Baseline Requirements. To provide greater flexibility when
> revoking certificates, I am proposing that we remove the 24-hour
> revocation requirement from section 4.9.1.1 and replacing it with a
> criteria-based process found in section 4.9.5. Section 4.9.5 (Time
> within which CA Must Process the Revocation Request) would read:
>
> The CA SHALL begin an investigation of the facts and circumstances
> related to a Certificate Problem Report or other revocation-related
> notice within one business day of receipt. After reviewing the facts
> and circumstances, the CA SHALL work with any entity reporting the
> Certificate Problem Report or other revocation-related notice to
> establish a date when the CA will revoke the Certificate or take
> whatever other appropriate action is warranted. The date selected by
> the CA SHOULD consider the following criteria:
>
> 1. The nature of the alleged problem (scope, context, severity,
> magnitude, risk of harm);
>
> 2. The consequences of revocation (direct and collateral impacts to
> Subscribers and Relying Parties);
>
> 3. The number of Certificate Problem Reports received about a
> particular Certificate or Subscriber;
>
> 4. The entity making the complaint (for example, a complaint from a
> law enforcement official that a Web site is engaged in illegal
> activities should carry more weight than a complaint from a consumer
> alleging that she didn’t receive the goods she ordered); and
>
> 5. Relevant legislation.
>
> Ben
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170503/b62bd7ab/attachment-0002.html>
More information about the Public
mailing list