[cabfpub] Issuance of certificates for keys reported as compromised

Tim Hollebeek tim.hollebeek at digicert.com
Tue Aug 21 11:34:59 MST 2018


 

Should we update the BRs to disallow issuance of certificates for key pairs
that have been previously reported as compromised?

 

I'm not aware of any CAs that currently do that check today, but it's not
that difficult to do.  It might be a sensible thing to add in the future.
However it only works if all CAs do it, otherwise subscribers will just get
their compromised key signed by a different CA.

 

-Tim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180821/e36813c1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20180821/e36813c1/attachment.p7s>


More information about the Public mailing list