[cabfpub] On the use of misuse - and the necessity to remove it

Adriano Santoni adriano.santoni at staff.aruba.it
Fri Jun 8 13:24:09 UTC 2018


Well, §4.9 of the CPS is about certificate revocation, and here we are 
discussing whether and when a CA reserves the right to revoke a 
"misused" certificate, whatever "misused" means (to a particular CA). So 
it seems to me that §4.9 - and particularly §4.9.1 (circumstances for 
revocation) - can be a suitable location in the CPS in which to define 
"misuse". But I appreciate that §1.4 is also an appropriate place. At 
any rate, I am not going to fight over this.


On 08/06/2018 14:51, Ryan Sleevi wrote:
> I'm not sure - can you explain why you think putting it in 4.9 would 
> be consistent with 3647?
>
> I think the goal is to have a consistent place that all Subscribers 
> and Relying Parties can expect things. 3647 provides for that in 
> Section 1.4. I'm not sure why we'd want to permit and/or - that seems 
> like it creates more work for everyone?
>
> On Fri, Jun 8, 2018 at 8:07 AM, Adriano Santoni 
> <adriano.santoni at staff.aruba.it 
> <mailto:adriano.santoni at staff.aruba.it>> wrote:
>
>     More explicitly, with reference to RFC 3647, I'd suggest that a
>     description of what the CA means by "misuse" (or an equivalent
>     term or expression) should be found in §1.4 and/or §4.9 of the
>     CA's CPS.
>
>
>     On 08/06/2018 13:52, Ryan Sleevi wrote:
>>     Could you expand a bit more?
>>
>>     One of the concerns raised by multiple browsers, but particularly
>>     articulated by Wayne, was that CAs are documenting things all
>>     over, and so it's difficult for consumers to know where it will
>>     be documented. Do you currently document it, and in a different
>>     section?
>>
>>     It was an explicit goal of Ballot 217 to ensure that CAs are
>>     following the 3647 format, and as Moudrick highlighted, that's
>>     already got a dedicated section for that purpose. If you did want
>>     to place information in additional places, that's certainly
>>     possible - but it means your example 1.4.2 would say something like
>>
>>     "Certificates issued under this policy shall not be used
>>     for hazardous environments requiring fail-safe controls,
>>     including without limitation, the design, construction,
>>     maintenance or operation of nuclear facilities, aircraft
>>     navigation or communication systems, air traffic control, and
>>     life support or weapons systems. Further, certificates issued
>>     under this policy may not be used for the purposes defined in
>>     Appendix A"
>>
>>     Does that sound... reasonable?
>>
>>
>>     On Fri, Jun 8, 2018 at 7:37 AM, Adriano Santoni
>>     <adriano.santoni at staff.aruba.it
>>     <mailto:adriano.santoni at staff.aruba.it>> wrote:
>>
>>         I'd prefer not to restrict the sections of the CA's CP/CPS
>>         where the definition of "misuse" (or "misused") is to be found:
>>
>>         4.9.1.1 (future)
>>         "4. The CA obtains evidence that the Certificate was misused,
>>         as defined by the CA's CP/CPS;"
>>
>>
>>
>>         On 08/06/2018 12:54, Ryan Sleevi wrote:
>>>         4.9.1.1 (future)
>>>         "4. The CA obtains evidence that the Certificate was
>>>         misused, as defined by Section 1.4.1 and 1.4.2 of the CA's
>>>         CP/CPS;"
>>
>>
>
>
