[Smcwg-public] [EXTERNAL]-Re: Use of the certificateHold CRLreason for leaf certificates

Russ Housley housley at vigilsec.com
Thu Sep 1 19:24:29 UTC 2022


In my view, the current wording would allow a CA to only discuss suspension in the CPS, even if that CA has both a CP and a CPS.  That seems wrong to me.


> On Sep 1, 2022, at 3:13 PM, Pedro FUENTES <pfuentes at WISEKEY.COM> wrote:
> Although we do, not all CAs have separate CP and CPS. The wording must be flexible. 
>> Le 1 sept. 2022 à 21:07, Russ Housley via Smcwg-public <smcwg-public at cabforum.org> a écrit :
>>  Stephen:
>> I would strongly prefer that any use of suspension be described in the CP (not the CPS).
>> Russ
>>> On Sep 1, 2022, at 11:54 AM, Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org>> wrote:
>>> Hello:
>>> Following active discussion relating to suspension for leaf certificates by the WG, it was agreed to document the use of suspension for the Legacy and Multipurpose certificate generations.
>>> There were arguments regarding the appropriateness of certificateHold in the context of S/MIME, and its effectiveness in the face of limited client support.
>>> However, suspension is permitted by some other standards and regulations, and is used by CAs for S/MIME-capable certificates in some regions.
>>> It is likely that future ballots may further amend these Requirements relating to suspension.
>>> A draft of the changes may be found at https://github.com/cabforum/smime/commit/347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_commit_347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=QA7hqsdMpnHwMPA2pcup2gL9nERRGC0S4brZ42fCVuY&e=>
>>> Regards, Stephen
>>> _______________________________________________
>>> Smcwg-public mailing list
>>> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
>>> https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=>
>> _______________________________________________
>> Smcwg-public mailing list
>> Smcwg-public at cabforum.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220901/f7cf0edd/attachment.html>

More information about the Smcwg-public mailing list