On Sunday, 16 October 2016 08:59:13 UTC+1, Adrian R. wrote:
> They rolled back the revocation, but I thought that the BRs explicitly forbid
> that a suspended/revoked certificate be un-suspended/un-revoked.
I don't know whether the exact text permits this, but it seems from a common
sense point of view that what happened here wasn't a revoked certificate being
unrevoked, but instead a technical fault resulted in the creation of Bad OCSP
responses for a period of time by mistake for certificates GlobalSign never
actually revoked. Mere _machines_ believed these certificates had been revoked,
but they were not.
Although we'd usually say "contract" means a signed piece of paper, the law
considers that just an artefact; a contract is the "meeting of minds", requiring
both parties to understand and agree on its terms. That's why tricking someone
into signing works in the movies but not so much in real life. Likewise, I think
an OCSP "Bad" response, though we'd colloquially call it a revocation, is only a
technical artefact; actual revocation is a decision by the Issuer.
Does that make sense?
dev-security-policy mailing list