[Smcwg-public] [EXTERNAL]-Re: Use of the certificateHold CRLreason for leaf certificates

Russ Housley housley at vigilsec.com
Fri Sep 2 13:58:39 UTC 2022 

Pedro:

Please see the analysis by Tim.  As I said, I am not content with is only appearing in a CPS.  If it appears in a document that serves as both a CP and a CPS, that is acceptable to me.

Russ


> On Sep 2, 2022, at 1:40 AM, Pedro FUENTES <pfuentes at WISEKEY.COM> wrote:
> 
> Hi Russ,
> The traditional interpretation of and/or is actually “or”, from a logical perspective.
> Anyway, if I’m wrong I’m happy to be corrected.
> BR/P
> 
>> Le 1 sept. 2022 à 22:10, Russ Housley <housley at vigilsec.com> a écrit :
>> 
>> Pedro:
>> 
>> Which means that it could be only be in the CPS and not in the CP.  I could live with "and".  I think "and/or" is what causes the problem.
>> 
>> Russ
>> 
>> 
>>> On Sep 1, 2022, at 3:50 PM, Pedro FUENTES <pfuentes at WISEKEY.COM <mailto:pfuentes at WISEKEY.COM>> wrote:
>>> 
>>> Well.. I could be wrong as I’m using my mobile, but I thought I saw in GitHub “CP and/or CPS”
>>> 
>>>> Le 1 sept. 2022 à 21:24, Russ Housley <housley at vigilsec.com <mailto:housley at vigilsec.com>> a écrit :
>>>> 
>>>>  Pedro:
>>>> 
>>>> In my view, the current wording would allow a CA to only discuss suspension in the CPS, even if that CA has both a CP and a CPS.  That seems wrong to me.
>>>> 
>>>> Russ
>>>> 
>>>> 
>>>>> On Sep 1, 2022, at 3:13 PM, Pedro FUENTES <pfuentes at WISEKEY.COM <mailto:pfuentes at WISEKEY.COM>> wrote:
>>>>> 
>>>>> Although we do, not all CAs have separate CP and CPS. The wording must be flexible.
>>>>> 
>>>>>> Le 1 sept. 2022 à 21:07, Russ Housley via Smcwg-public <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org>> a écrit :
>>>>>> 
>>>>>>  Stephen:
>>>>>> 
>>>>>> I would strongly prefer that any use of suspension be described in the CP (not the CPS).
>>>>>> 
>>>>>> Russ
>>>>>> 
>>>>>> 
>>>>>>> On Sep 1, 2022, at 11:54 AM, Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org>> wrote:
>>>>>>> 
>>>>>>> Hello:
>>>>>>> 
>>>>>>> Following active discussion relating to suspension for leaf certificates by the WG, it was agreed to document the use of suspension for the Legacy and Multipurpose certificate generations.
>>>>>>> There were arguments regarding the appropriateness of certificateHold in the context of S/MIME, and its effectiveness in the face of limited client support.
>>>>>>> However, suspension is permitted by some other standards and regulations, and is used by CAs for S/MIME-capable certificates in some regions.
>>>>>>> It is likely that future ballots may further amend these Requirements relating to suspension.
>>>>>>> A draft of the changes may be found at https://github.com/cabforum/smime/commit/347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_commit_347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=QA7hqsdMpnHwMPA2pcup2gL9nERRGC0S4brZ42fCVuY&e=>
>>>>>>> 
>>>>>>> Regards, Stephen
>>>>>>> _______________________________________________
>>>>>>> Smcwg-public mailing list
>>>>>>> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
>>>>>>> https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=>
>>>>>> _______________________________________________
>>>>>> Smcwg-public mailing list
>>>>>> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=>
>>>> 
>> 
> 
> <signature.asc>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220902/c22471ba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220902/c22471ba/attachment.sig>

More information about the Smcwg-public mailing list