On 2020-11-12 8:38 μ.μ., Ben Wilson wrote:

On Thu, Nov 12, 2020 at 2:57 AM Dimitris Zacharopoulos <ji...@it.auth.gr <mailto:ji...@it.auth.gr>> wrote:


    I believe this information should be the "minimum" accepted
    methods of
    proving that a Private Key is compromised. We should allow CAs to
    accept
    other methods without the need to first update their CP/CPS. Do
    people
    think that the currently proposed language would forbid a CA from
    accepting methods that are not explicitly documented in the CP/CPS?

    I also think that "parties" is a bit ambiguous, so I would suggest
    modifying that to follow the language of the BRs section 4.9.2
    "Subscribers, Relying Parties, Application Software Suppliers, and
    other
    third parties". Here is my proposed change:

    "Section 4.9.12 of a CA's CP/CPS MUST clearly specify the methods
    (at a
    minimum) that Subscribers, Relying Parties, Application Software
    Suppliers, and other third parties may use to demonstrate private key
    compromise."

Dimitris,
Instead, what about something like,  "Section 4.9.12 of a CA's CP/CPS MUST clearly specify its accepted methods that Subscribers, Relying Parties, Application Software Suppliers, and other third parties may use to demonstrate private key compromise. A CA MAY allow additional, alternative methods that do not appear in section 4.9.12 of its CP/CPS." ?
Ben

That works better. Thank you.

Dimitris.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
  • Policy 2.7.1:MRSP Issue #20... Ben Wilson via dev-security-policy
    • Re: Policy 2.7.1:MRSP ... Dimitris Zacharopoulos via dev-security-policy
      • Re: Policy 2.7.1:M... Ben Wilson via dev-security-policy
        • Re: Policy 2.7... Dimitris Zacharopoulos via dev-security-policy
        • Re: Policy 2.7... Ryan Sleevi via dev-security-policy
          • Re: Policy... Nick Lamb via dev-security-policy
            • Re: P... Ryan Sleevi via dev-security-policy
              • R... Nick Lamb via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy
                • ... Nick Lamb via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy
                • ... Peter Bowen via dev-security-policy
                • ... Ryan Sleevi via dev-security-policy
                • ... Dimitris Zacharopoulos via dev-security-policy

Reply via email to