[cabfpub] Ballot 213 - Revocation Timeline Extension

Gervase Markham gerv at mozilla.org
Fri Sep 1 08:39:33 UTC 2017


On 01/09/17 05:40, Jeremy Rowley via Public wrote:
> A revised version is attached. Additional comments and/or endorsements
> are welcome!

We will endorse when the time comes; a couple of comments beforehand:

4.9.5: c) says "alleging an issue other than key compromise", which
could be construed to cover only a), thereby leaving b) in limbo a
little bit. Suggestion: replace those words with "alleging any other
problem with the certificate".

4.9.5 has this new text: "If any ambiguity in these Requirements will
result in a delay of more than seven days in providing a final
determination of a Certificate Problem Report, the CA SHALL first notify
the CA/Browser Forum of the ambiguity by emailing questions at cabforum.org."

I can sort of see what you are trying to do here, but this rather puts
the CAB Forum in the role of "BR cop". Could we instead do something
like: "If there is a delay of more than seven days in providing a final
determination of a Certificate Problem Report, the CA SHALL explain the
reason for the delay in the final report sent to the Subscriber and the
filing entity." The filing entity then, of course, as the option of
passing that on to a root program, the CAB Forum or anyone else.

Gerv



More information about the Public mailing list