Eddy Nigg dixit: > On 11/08/2010 11:55 PM, From Kathleen Wilson: >> The text is currently: >> 2. CAs must revoke a Certificate that it has issued upon the occurrence of >> any >> of the following events: >> * the subscriber requests revocation of its certificate; >> * the subscriber indicates that the original certificate request was not >> authorized and does not retroactively grant authorization;
[…] > Arbitrary revocation requests by a subscriber in my opinion don't contribute > anything. There is a difference between “arbitrary” and “caused by a bug in the software used (which can happen despite following industry best practice) that may have led to key material disclosure”, though. IMHO, there is absolutely *no* justification to request payment for either a rekeying or a revocal, in those cases. (Not issuing a new certificate after a revocal is acceptable.) bye, //mirabilos -- I believe no one can invent an algorithm. One just happens to hit upon it when God enlightens him. Or only God invents algorithms, we merely copy them. If you don't believe in God, just consider God as Nature if you won't deny existence. -- Coywolf Qi Hunt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
