[cabfpub] Revocation Timeframe Ballot Language

Moudrick M. Dadashov md at ssc.lt
Wed May 3 05:51:06 UTC 2017


Good day,

consider slightly modified p. 16:

The technical content or format of the Certificate *doesn't comply with 
the applicable legislation of Subject's jurisdiction or* presents an 
unacceptable risk to Application Software Suppliers or Relying Parties 
(e.g. the CA/Browser Forum might determine that a deprecated 
cryptographic/signature algorithm or key size presents an unacceptable 
risk and that such Certificates should be revoked and replaced by CAs 
within a given period of time).

Thanks,
M.D.

On 5/3/2017 2:23 AM, Ben Wilson via Public wrote:
>
> All,
>
> Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 
> of the Baseline Requirements.  To provide greater flexibility when 
> revoking certificates, I am proposing that we remove the 24-hour 
> revocation requirement from section 4.9.1.1 and replace it with a 
> criteria-based process found in section 4.9.5.  Section 4.9.5 (Time 
> within which CA Must Process the Revocation Request) would read:
>
> The CA SHALL begin an investigation of the facts and circumstances 
> related to a Certificate Problem Report or other revocation-related 
> notice within one business day of receipt. After reviewing the facts 
> and circumstances, the CA SHALL work with any entity reporting the 
> Certificate Problem Report or other revocation-related notice to 
> establish a date when the CA will revoke the Certificate or take 
> whatever other appropriate action is warranted. The date selected by 
> the CA SHOULD consider the following criteria:
>
> 1. The nature of the alleged problem (scope, context, severity, 
> magnitude, risk of harm);
>
> 2. The consequences of revocation (direct and collateral impacts to 
> Subscribers and Relying Parties);
>
> 3. The number of Certificate Problem Reports received about a 
> particular Certificate or Subscriber;
>
> 4. The entity making the complaint (for example, a complaint from a 
> law enforcement official that a Web site is engaged in illegal 
> activities should carry more weight than a complaint from a consumer 
> alleging that she didn’t receive the goods she ordered); and
>
> 5. Relevant legislation.
>
> Ben