[cabf_validation] EV CRL Checking

Tim Hollebeek tim.hollebeek at digicert.com
Fri Jul 29 17:26:47 UTC 2022


We support this proposal.  It's been discussed a few times in the past, and it's time to just fix it.

-Tim

From: Validation <validation-bounces at cabforum.org> On Behalf Of Bruce Morton via Validation
Sent: Friday, July 29, 2022 1:24 PM
To: CABforum3 <validation at cabforum.org>
Subject: [cabf_validation] EV CRL Checking

EV CRL Checking:

  *   EVG 13 states "CAs MUST ensure that CRLs for an EV Certificate chain can be downloaded in no more than three (3) seconds over an analog telephone line under normal network conditions."
  *   This requirement was in draft 11 in 2007. I believe that it was added to support dial-up Windows users.
  *   This requirement is hard to measure/test by the CA and auditor and does not provide much value with common high-speed internet; however, it still remains a requirement.
  *   Is it possible that we could drop this requirement and only require BR 4.9?

My proposal is as follows:

EVG 4, replace "The requirements in Section 4.9 of the Baseline Requirements apply equally to EV Certificates. However, CAs MUST ensure that CRLs for an EV Certificate chain can be downloaded in no more than three (3) seconds over an analog telephone line under normal network conditions."

With "The requirements in Section 4.9 of the Baseline Requirements apply equally to EV Certificates."


Thanks, Bruce.