On 16/10/2016 09:59, Adrian R. wrote:
> I read in the news (but not here on m.d.s.p) that a few days ago GlobalSign
> revoked one of their intermediary roots and then un-revoked it (well, the
> revocation is accidental, but it was still a properly announced revocation, via
> signed CRL and OCSP).
> They rolled back the revocation, but I thought that the BRs explicitly forbid
> that a suspended/revoked certificate be un-suspended/un-revoked.
> Is this revival/un-revocation of an intermediary CA allowed by the BRs?

I have just read that page, and find it utterly confusing and badly
written. Lots of formal tone of voice, but no precision or clarity.
What I would have expected was a much clearer statement (on the page,
not in some linked document) as to:
1. Which Intermediary CA certificates were affected (because
certificate holders cannot see the cache state affecting relying
parties, we need to check our certificates against something
specific to see if we are affected).
2. If this affects all AlphaSSL and CloudSSL certificates or only some
3. If this was an "exercise" (training/experimental etc.) or an actual
4. If the revoked cross certificate was one of the cross certificates
previously provided to certificate holders to allow us to make our
servers compatible with older clients, and if so, which one.
5. If this was e-mailed to all potentially affected certificate
holders, or just dumped in some public forums which certificate
holders might not see in time to take necessary action.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
dev-security-policy mailing list