[Smcwg-public] [EXTERNAL]-Re: Use of the certificateHold CRLreason for leaf certificates

Fri Sep 2 14:13:05 UTC 2022

Russ:
Unless I missed some message Tim said that and/or means “that it can be in the CP and the CPS, or just the CP, or just the CPS”. This is the same I said.

Something to consider is that, eventually, the CP could state that the CA will stipulate the provisions around suspension in the CPS.

So all depends how the documents are written, but the key point here is that, for any kind of stipulation, CP and CPS must be consistent.

Best,
Pedro

On 2 Sep 2022, at 15:58, Russ Housley <housley at vigilsec.com<mailto:housley at vigilsec.com>> wrote:

Pedro:

Please see the analysis by Tim.  As I said, I am not content with is only appearing in a CPS.  If it appears in a document that serves as both a CP and a CPS, that is acceptable to me.

Russ

On Sep 2, 2022, at 1:40 AM, Pedro FUENTES <pfuentes at WISEKEY.COM<mailto:pfuentes at WISEKEY.COM>> wrote:

Hi Russ,
The traditional interpretation of and/or is actually “or”, from a logical perspective.
Anyway, if I’m wrong I’m happy to be corrected.
BR/P

Le 1 sept. 2022 à 22:10, Russ Housley <housley at vigilsec.com<mailto:housley at vigilsec.com>> a écrit :

Pedro:

Which means that it could be only be in the CPS and not in the CP.  I could live with "and".  I think "and/or" is what causes the problem.

Russ

On Sep 1, 2022, at 3:50 PM, Pedro FUENTES <pfuentes at WISEKEY.COM<mailto:pfuentes at WISEKEY.COM>> wrote:

Well.. I could be wrong as I’m using my mobile, but I thought I saw in GitHub “CP and/or CPS”

Le 1 sept. 2022 à 21:24, Russ Housley <housley at vigilsec.com<mailto:housley at vigilsec.com>> a écrit :

 Pedro:

In my view, the current wording would allow a CA to only discuss suspension in the CPS, even if that CA has both a CP and a CPS.  That seems wrong to me.

Russ

On Sep 1, 2022, at 3:13 PM, Pedro FUENTES <pfuentes at WISEKEY.COM<mailto:pfuentes at WISEKEY.COM>> wrote:

Although we do, not all CAs have separate CP and CPS. The wording must be flexible.

Le 1 sept. 2022 à 21:07, Russ Housley via Smcwg-public <smcwg-public at cabforum.org<mailto:smcwg-public at cabforum.org>> a écrit :

 Stephen:

I would strongly prefer that any use of suspension be described in the CP (not the CPS).

Russ

On Sep 1, 2022, at 11:54 AM, Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org<mailto:smcwg-public at cabforum.org>> wrote:

Hello:

Following active discussion relating to suspension for leaf certificates by the WG, it was agreed to document the use of suspension for the Legacy and Multipurpose certificate generations.
There were arguments regarding the appropriateness of certificateHold in the context of S/MIME, and its effectiveness in the face of limited client support.
However, suspension is permitted by some other standards and regulations, and is used by CAs for S/MIME-capable certificates in some regions.
It is likely that future ballots may further amend these Requirements relating to suspension.
A draft of the changes may be found at https://github.com/cabforum/smime/commit/347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_commit_347eb1b93e1ac5b2ceb13692ce958b6ebd5af5ff&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=QA7hqsdMpnHwMPA2pcup2gL9nERRGC0S4brZ42fCVuY&e=>

Regards, Stephen
_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>
https://lists.cabforum.org/mailman/listinfo/smcwg-public<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMFAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=>

_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=tqhseCjhGy1A7E44VMn6WzaiveyVhTw1OH3Hqh75XMA&s=DMu9IJhPx628INsjWMRc2MyGOOA7IeBKkXH3Zai7648&e=

<signature.asc>

WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland
Stay connected with WISeKey<http://www.wisekey.com>

THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks

CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender

DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220902/17ad9097/attachment-0001.html>