All,

I have made 4 additional changes (highlighted in green) to the draft policy that I would appreciate your feedback on.
1) Proposed effective date of September 1, 2022.

2) Updated the first sentence of the second paragraph to make it more clear: "When an end-entity TLS certificate is revoked for one of the reasons below, the specified CRLReason MUST be included in the reasonCode extension of the CRL entry corresponding to the end-entity TLS certificate."

3) Moved the following bullet point from the keyCompromise section to the privilegeWithdrawn section:
   - the certificate subscriber notifies the CA that the original certificate request was not authorized and does not retroactively grant authorization;

4) Added text to a bullet point in the keyCompromise section in order to ensure that the certificate subscriber can only declare keyCompromise for certificates for which they control the private key.
   - the certificate subscriber *provides proof of control over the private key and* requests that the CA revoke the certificate for this reason code;

Thanks,
Kathleen
