On Mon, Jun 29, 2015 at 8:38 AM, Jesus F <[email protected]> wrote:
> The CRL downloaded on June 29th from http://crls8.wosign.com/ca8-ssl4.crl
> (CRL distribution point in https://root5evtest.wosign.com certificate) has a 
> CRL number of "00".
> It also applies for the CRL downloaded on the same date from 
> http://crls6.wosign.com/ca6-ssl4.crl (CRL distribution point in 
> https://root4evtest.wosign.com/) which has a CRL number of "00".
>
> According to the Webtrust for CA 2.0 "CAs include a monotonically increasing 
> sequence number for each CRL issued by that CA." (See section 6.8 control 7). 
> Also see section 5.2.3 of the RFC5280 ("The CRL number is a non-critical CRL 
> extension that conveys a monotonically increasing sequence number for a given 
> CRL scope and CRL issuer").
>
> As WoSign has the Webtrust for CA Seal, could WoSign please explain how this 
> control is fulfilled?

Those are from two different CAs.  Under WebTrust definitions, a CA is
not a company, rather it is a signing certificate authority.  Many
companies don't just operate one CA, they operate many CAs.  This is
what you see from WoSign -- two CAs, each of which has their own
monotonically increasing sequence number.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
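
An added example, not part of the original thread: a check of the RFC 5280 section 5.2.3 rule that tracks CRL numbers per issuer and scope, so two CAs that each publish CRL number 0 raise no finding while a reused or decreased number within one CA does. The issuer names, URLs and observations are constructed, and the CRL fields are assumed to be already parsed.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class CrlObservation:
    issuer: str            # CRL issuer DN (constructed placeholder below)
    scope: str             # CRL scope, identified here by distribution point URL
    crl_number: int        # value of the cRLNumber extension
    this_update: datetime  # thisUpdate field of the CRL


def check_crl_numbers(observations):
    """Return (issuer, problem) findings; numbers are compared only within
    one (issuer, scope) pair, never across different CAs."""
    latest = {}
    findings = []
    for obs in observations:
        key = (obs.issuer, obs.scope)
        prev = latest.get(key)
        if prev is None:
            latest[key] = obs
            continue
        if obs.this_update == prev.this_update:
            continue  # identical thisUpdate: treated as a re-fetch of the same CRL
        # Order the pair by issuance time so a stale cached copy fetched late
        # is not misreported as a rollback.
        older, newer = sorted((prev, obs), key=lambda o: o.this_update)
        if newer.crl_number == older.crl_number:
            findings.append((obs.issuer, "reused"))
        elif newer.crl_number < older.crl_number:
            findings.append((obs.issuer, "decreased"))
        latest[key] = newer
    return findings


# Constructed observations, in fetch order. Both CAs start at CRL number 0.
CA_A, CA_B = "CN=Example CA A", "CN=Example CA B"
URL_A, URL_B = "http://crl.example.test/a.crl", "http://crl.example.test/b.crl"
SAMPLE = [
    CrlObservation(CA_A, URL_A, 0, datetime(2015, 6, 29)),
    CrlObservation(CA_B, URL_B, 0, datetime(2015, 6, 29)),
    CrlObservation(CA_A, URL_A, 1, datetime(2015, 6, 30)),
    CrlObservation(CA_A, URL_A, 0, datetime(2015, 6, 29)),  # stale cached copy
    CrlObservation(CA_B, URL_B, 0, datetime(2015, 6, 30)),  # new CRL, old number
    CrlObservation(CA_A, URL_A, 0, datetime(2015, 7, 1)),   # number went backwards
]

if __name__ == "__main__":
    for issuer, problem in check_crl_numbers(SAMPLE):
        print(issuer, problem)
```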