[Servercert-wg] [cabfpub] [EXTERNAL] Ballot SC6 - Revocation Timeline Extension

Wayne Thayer wthayer at mozilla.com
Thu Aug 16 14:35:17 MST 2018


On Thu, Aug 16, 2018 at 2:13 PM Curt Spann <cspann at apple.com> wrote:

> Hi Wayne,
>
> Have you considered adding language to address what happens if the domain
> registration is sold or transferred to other person/org? I am thinking of
> the scenario where a person buys a domain name and would like the
> previously issues certificates (which are still time valid) revoked.
>
> Yes, I did add language to cover that scenario: "The CA obtains evidence
that the validation of domain authorization or control for any
Fully-Qualified Domain Name or IP address in the Certificate should not be
relied upon."

There was some debate about how specific we should make this requirement
[1] that resulted in the ballot language.

[1] https://github.com/wthayer/documents/pull/1#discussion_r185324648

Another question I have is related to the the wording “in writing”. Is that
> defined somewhere?
> From the ballot text:
> The CA SHALL revoke a Certificate within 24 hours if:
> 1. The Subscriber requests in *writing* that the CA revoke the
> Certificate;
>
> No, I don't believe that phrase is defined. However it is the existing
language and is used in two other places in the BRs. I believe the typical
interpretation is paper, fax, email, or other forms of electronic
communication such as a form submission from the CA's website.

Regards,
> Curt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20180816/453d0042/attachment.html>


More information about the Servercert-wg mailing list