[cabfpub] How do you handle mass revocation requests?

Geoff Keating geoffk at apple.com
Wed Feb 28 11:59:20 MST 2018


> This raises a question about the MDSP policy and CAB Forum requirements. Who is the subscriber in the reseller relation?  We believe this to be the key holder. However, the language is unclear.

‘Subscriber’ is a defined term in the BRs:
Subscriber: A natural person or Legal Entity to whom a Certificate is issued and who is legally bound by a Subscriber Agreement or Terms of Use.

That’s pretty clear and can’t be stretched to cover a reseller—a reseller won’t be able to comply with a Subscriber Agreement.

> At this time, Trustico has not provided any information about how these certificates were compromised or how they acquired the private keys.

One question I would have is whether Trustico is in compliance with 6.1.2, “Parties other than the Subscriber SHALL NOT archive the Subscriber Private Key without authorization by the Subscriber.”