On Sunday, 16 October 2016 08:59:13 UTC+1, Adrian R.  wrote:
> They rolled back the revocation, but I thought that the BRs explicitly forbid 
> that a suspended/revoked certificate be un-suspended/un-revoked.

I don't know whether the exact text permits this, but it seems from a 
common-sense point of view that what happened here wasn't a revoked certificate being 
unrevoked, but instead a technical fault resulted in the creation of Bad OCSP 
responses for a period of time by mistake for certificates GlobalSign never 
actually revoked. Mere _machines_ believed these certificates had been revoked, 
but they were not.

Although we'd usually say "contract" means a signed piece of paper, the law 
considers that just an artefact; a contract is the "meeting of minds", requiring 
both parties to understand and agree on its terms. That's why tricking someone 
into signing works in the movies but not so much in real life. Likewise, I think 
an OCSP "Bad" response, though we'd colloquially call it a revocation, is only a 
technical artefact; actual revocation is a decision by the Issuer.

Does that make sense?
dev-security-policy mailing list
