i read in the news (but not here on m.d.s.p) that a few days ago Globalsign
revoked one of their intermediary roots and then un-revoked it (well, the
revocation is accidental, but it was still a properly announced revocation, via
signed CRL and OCSP).
They rolled back the revocation, but i thought that the BRs explicitly forbid
that a suspended/revoked certificate be un-suspended/un-revoked.
is this revival/un-revocation of an intermediary CA allowed by the BRs?
(p.s. can we call this revived certificate a zombie? :) )
(off-topic note: sigh, was intending not to post here again because news relay
servers that strip DKIM signatures will generate a lot of DMARC failure reports
for rejected messages. oh well.)
dev-security-policy mailing list