[cabfpub] Ballot 213 - Revocation Timeline Extension

Gervase Markham gerv at mozilla.org
Wed Sep 6 16:00:48 UTC 2017


On 06/09/17 16:53, Wayne Thayer via Public wrote:
> I can accept this interpretation, but I do think that most emails (lacking a digital signature or shared secret) fall into this bucket.

Do we need to have a discussion about appropriate ways to validate
revocation requests?

If the customer has an account of some sort, presumably they could log
in and request a revocation, and perhaps an email request would be met
with a response asking them to do so. But if there is no account?

Gerv



More information about the Public mailing list