On 31/05/17 18:02, Matthew Hardeman wrote:
> Perhaps some reference to technologically incorrect syntax (i.e. an 
> incorrectly encoded certificate) being a mis-issuance?

Well, if it's so badly encoded Firefox doesn't recognise it, we don't
care too much (apart from how it speaks to incompetence). If Firefox
does recognise it, then I'm not sure "misissuance" is the right word if
all the data is correct.

> How far does "those containing information which was not properly validated" 
> go?  Does that leave the opportunity for someone's tortured construction of 
> the rule to suggest that a certificate that everyone agrees is NOT mis-issued 
> is in fact technically mis-issued?

Certs containing data which is not properly validated, which
nevertheless happens by chance to be correct, are still mis-issued,
because they are BR-non-compliant. It may be hard to detect this case,
but I think it should be in the definition. A CA has a positive duty to
validate/revalidate all data within the timescales established.

dev-security-policy mailing list

Reply via email to