Hi Pedro! Why do you believe that BRGs 4.9.13 is only applicable for EE / Subscriber certs?
> 4.9.13. Circumstances for Suspension
> The Repository MUST NOT include entries that indicate that a Certificate is
> suspended.

With best regards,
Rufus Buschart
Siemens AG

> -----Original Message-----
> From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Pedro Fuentes via dev-security-policy
> Sent: Monday, 4 February 2019 16:40
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Is it allowed the suspension of Issuing CAs?
>
> Hello,
> sorry if this is a silly question, but I was wondering if it is allowed that a Root or Intermediate CA suspends the certificate of an issuing CA.
>
> We can imagine the case of a suspected key compromise, or even a contractual breach, that could lead to recommend putting the Issuing CA in "quarantine".
>
> My trouble is that BR disallows the suspension of subscriber SSL certificates, so the suspension of the CA could lead to a temporary suspension of all SSL certificates under it.
>
> I'd appreciate if you can help me to see the light.
>
> Best,
> Pedro
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy