[cabfpub] [Ext] How do you handle mass revocation requests?
paul.hoffman at icann.org
Fri Mar 2 15:13:40 UTC 2018
On Mar 2, 2018, at 6:04 AM, philliph--- via Public <public at cabforum.org> wrote:
> Going back to the original question.
> We have a format for a certificate request (well a few actually). Do we have a PKIX feature that can be used to allow a key holder to request revocation? I can’t think of a PKIX standard for one
I'm 99% sure that Phill is correct here. We discussed "suicide notes" in PKIX a few times over the decades, and I believe we never came to any conclusion. If such a format has been standardized, I can't find it easily by searching.
> and it does appear to be a missing feature.
In a world where you might have bought a certificate from a CA or, in particular, a reseller with whom you might no longer be able to communicate (such as if they go out of business), being able to create a signed request with proof-of-possesion of the private key would be a valuable feature for the Web PKI.
More information about the Public