[cabfpub] [Servercert-wg] [EXTERNAL] Ballot SC6 v2 - Revocation Timeline Extension
sleevi at google.com
Wed Aug 29 09:05:10 MST 2018
On Wed, Aug 29, 2018 at 11:53 AM Wayne Thayer <wthayer at mozilla.com> wrote:
> On Wed, Aug 29, 2018 at 7:33 AM Bruce Morton <
> Bruce.Morton at entrustdatacard.com> wrote:
>> Works for me.
>> On Aug 29, 2018, at 10:29 AM, Ryan Sleevi <sleevi at google.com> wrote:
>> Just to confirm: Your concern is about the CA feeling that the evidence
>> does not meet any of the requirements to revoke, and wanting it to be clear
>> that that is a valid outcome of a problem report, correct?
>> The problem with the suggested wording (and perhaps implicit in the
>> existing wording) is that it suggests that the period to "work with the
>> Subscriber and any entity" is unbounded, and once a determination is made,
>> then it must be within the bounds of 184.108.40.206's time period. That is, say,
>> 24 hours + as much "work with" time as you want. This is because the
>> modified wording seemingly attaches the "which MUST not" to the date in
>> which the CA will revoke, rather than the overall process.
>> The CA SHALL work with the Subscriber and any entity reporting the
>> Certificate Problem Report or other revocation-related notice to establish
>> whether or not the certificate will be revoked, and if so, a date which the
>> CA will revoke the certificate. The period from report to published
>> revocation MUST NOT exceed the time frame set forth in Section 220.127.116.11.
> Does "report" here mean the preliminary report on its findings, or the
> Certificate Problem Report? I am happy to accept this change once that is
I was thinking about that on the drive in today :)
"The period from receipt of report or notice to published revocation" ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public