Reminder: The draft policy about revocation reason codes for TLS end-entity certificates is here: https://docs.google.com/document/d/1ESakR4MiwyENyuLefyH2wG8rYbtnmG1xeSYvDNpS-EI/edit?usp=sharing
On Tuesday, January 18, 2022 at 4:16:54 PM UTC-8 Kathleen Wilson wrote:

> All,
>
> I have made 4 additional changes (highlighted in green) to the draft
> policy, that I will appreciate your feedback on.
>
> 1) Proposed effective date of September 1, 2022.
>
> 2) Updated the first sentence of the second paragraph to make it more
> clear:
> "When an end-entity TLS certificate is revoked for one of the reasons
> below, the specified CRLReason MUST be included in the reasonCode extension
> of the CRL entry corresponding to the end-entity TLS certificate."
>
> 3) Moved the following bullet point from the keyCompromise section to the
> privilegeWithdrawn section:
> - the certificate subscriber notifies the CA that the original
> certificate request was not authorized and does not retroactively grant
> authorization;
>
> 4) Added text to a bullet point in the keyCompromise section in order to
> ensure that the certificate subscriber can only declare keyCompromise for
> certificates for which they control the private key.
> - the certificate subscriber *provides proof of control over the private
> key and* requests that the CA revoke the certificate for this reason code;
>
> Thanks,
> Kathleen
