On 20/05/16 10:09, Ben Laurie wrote:
On 19 May 2016 at 17:15, <[email protected]> wrote:
4.9.3. Procedure for Revocation Request
"*** The CA SHALL provide Subscribers, Relying Parties, Application Software
Suppliers, and other third parties with clear instructions for reporting suspected
Private Key Compromise, Certificate misuse, or other types of fraud, compromise, misuse,
inappropriate conduct, or any other matter related to Certificates. The CA SHALL publicly
disclose the instructions through a readily accessible online means."
I've tried a few times to find these readily accessible instructions
for any CA whatsoever. Do they exist? Where are Trend Micro's, for
example?
Kathleen,
"The CA SHALL publicly disclose the instructions through a readily
accessible online means" immediately makes me think of the Mozilla CA
Community in Salesforce.
Is there a field in the Salesforce system (per CA Owner, I'd have
thought) that indicates where the CA publishes these "clear instructions"?
Also, is it your intent to make the Salesforce system publicly readable?
(IINM, it's only readable by representatives of CAs at the moment).
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
