[cabfpub] Ballot 213 - Revocation Timeline Extension

Wayne Thayer wthayer at godaddy.com
Fri Sep 1 17:51:59 UTC 2017


I have a question related to the (unchanged) requirement that the CA revoke the certificate within 24 hours if ‘the subscriber requests in writing that the CA revoke the Certificate’. Presumably, this is the subscriber sending an email to the CA’s problem reporting email address. If so, I would hope that the CA is doing something to confirm that the email came from the actual Subscriber. If the CA can’t confirm that the email came from the Subscriber within 24 hours, then what? I think this requirement would be improved if it allowed the CA to provide an authenticated Subscriber with a mechanism for revoking the certificate themselves, possibly in combination with a requirement that the CA provide a mechanism for the Subscriber to recover lost credentials.

Thanks,

Wayne

From: Public <public-bounces at cabforum.org> on behalf of Jeremy Rowley via Public <public at cabforum.org>
Reply-To: Jeremy Rowley <jeremy.rowley at digicert.com>, CA/Browser Forum Public Discussion List <public at cabforum.org>
Date: Thursday, August 31, 2017 at 9:41 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Ballot 213 - Revocation Timeline Extension

A revised version is attached. Additional comments and/or endorsements are welcome!
