[cabfpub] Ballot 213 - Revocation Timeline Extension
sleevi at google.com
Wed Oct 11 11:02:26 MST 2017
On Wed, Oct 11, 2017 at 1:52 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
> I don’t understand why we are mixing creation of separate mailing list
> discussion for reporting BR violations with the revocation timeline change.
> The two aren’t closely related, at least, no more than any other BR
> violation and public disclosure requirement. Because certificate problem
> reporters are free to publish the problem report wherever they would like,
> I see a benefit in a publicly open list where people can post certificate
> problem reports and violations of policy to the CAB Forum. I’d even
> support/endorse a separate ballot on creating a public mailing list where
> interested parties (or even non-interested parties) can discuss and report
> violations of the BRs and reasons for the violations. What I don’t
> understand is the tie to certificate revocation timelines ballot.
Unfortunately, in the set of concerns, the substance was lost. So recapping
from the earlier threads:
Summarize our early set of discussion, with the substance at
Note that in these messages, the specific proposal was to keep the
expectation at 24 hours (SHOULD), the requirement at 7 days (MUST), and
require a disclosure (MUST) if it takes more than 24 hours. In the
discussion ensuing, the updated ballot changed it to requiring disclosure
if more than 7 days - e.g. a BR violation - but that wasn't the original
proposal, nor the original concern.
Does that help clarify?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public