[cabfpub] Reviving Ballot 213 - Revocation Timeline Extension

Wayne Thayer wthayer at mozilla.com
Wed May 16 13:27:12 MST 2018

On Wed, May 16, 2018 at 1:19 PM Ryan Sleevi <sleevi at google.com> wrote:

> On Wed, May 16, 2018 at 4:00 PM, Wayne Thayer via Public <
> public at cabforum.org> wrote:
>> Lat year, Jeremy proposed changes to section 4.9 of the BRs. I'd like to
>> revive that discussion with the following ballot proposal:
>> https://github.com/cabforum/documents/compare/master...wthayer:patch-1
>> Summary of Changes:
>> * The first change creates a tiered timeline for revocations. The most
>> critical "reasons" still require revocation within 24 hours, but for many
>> others 24 hours becomes a SHOULD and the CA has 5 days before they MUST
>> revoke. This was the original motivation for the ballot, due in part to
>> last year's wave of misissued certs identified by linting tools.
> I'm not sure that matches my understanding or the early discussions. In
> several cases, it was a Subscriber self-own, and the risk that revocation
> was perceived as having impact to those subscribers.
> >
That's fair. I'm unclear on the meaning of "Subscriber self-own", but agree
that the concern was the impact a rushed revocation often has on the
Subscriber and their website.

> I'm not sympathetic to CAs' linting failures being a reason to extend
> revocation dates. If a CA fails to abide by the Guidelines, and customers
> of that CA are affected, they may want to choose CAs that are more
> carefully and correctly operated. That's not a lack of sympathy - that's a
> recognition that extensions for CA failure are a perverse incentive to
> reward failure.
> I fully acknowledge it's a tension, though, and am simply hesitant to open
> the door to some gradations of CA screw-ups, while acknowledging the
> challenges that sites that have not switched to automated solutions face
> when presented with revocation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20180516/5be1f47c/attachment.html>

More information about the Public mailing list