On Thu, Nov 12, 2020 at 2:57 AM Dimitris Zacharopoulos <ji...@it.auth.gr>
wrote:

>
> I believe this information should be the "minimum" accepted methods of
> proving that a Private Key is compromised. We should allow CAs to accept
> other methods without the need to first update their CP/CPS. Do people
> think that the currently proposed language would forbid a CA from
> accepting methods that are not explicitly documented in the CP/CPS?
>
> I also think that "parties" is a bit ambiguous, so I would suggest
> modifying that to follow the language of the BRs section 4.9.2
> "Subscribers, Relying Parties, Application Software Suppliers, and other
> third parties". Here is my proposed change:
>
> "Section 4.9.12 of a CA's CP/CPS MUST clearly specify the methods (at a
> minimum) that Subscribers, Relying Parties, Application Software
> Suppliers, and other third parties may use to demonstrate private key
> compromise."
>
> Dimitris,
Instead, what about something like,  "Section 4.9.12 of a CA's CP/CPS MUST
clearly specify its accepted methods that Subscribers, Relying Parties,
Application Software Suppliers, and other third parties may use to
demonstrate private key compromise. A CA MAY allow additional, alternative
methods that do not appear in section 4.9.12 of its CP/CPS." ?
Ben
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
  • Policy 2.7.1:MRSP Issue #20... Ben Wilson via dev-security-policy
    • Re: Policy 2.7.1:MRSP ... Dimitris Zacharopoulos via dev-security-policy
      • Re: Policy 2.7.1:M... Ben Wilson via dev-security-policy
        • Re: Policy 2.7... Dimitris Zacharopoulos via dev-security-policy
        • Re: Policy 2.7... Ryan Sleevi via dev-security-policy
          • Re: Policy... Nick Lamb via dev-security-policy
            • Re: P... Ryan Sleevi via dev-security-policy
              • R... Nick Lamb via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy
                • ... Nick Lamb via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy
                • ... Peter Bowen via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy

Reply via email to