On Tue, Jan 18, 2022, 7:16 PM Kathleen Wilson <[email protected]> wrote:
>
> 4) Added text to a bullet point in the keyCompromise section in order to ensure that the certificate subscriber can only declare keyCompromise for certificates for which they control the private key.
>
> - the certificate subscriber *provides proof of control over the private key and* requests that the CA revoke the certificate for this reason code;
>

Suppose that the subscriber suffers a ransomware attack, decides that it is better policy to say we never pay the Danegeld, and thus loses access to the private key and knows that the key was compromised. This arguably could fall under the first possible bullet, but if so I have trouble understanding why we need the fourth bullet. Isn't the subscriber's statement proof of compromise?

Sincerely,
Watson
