You were able to successfully post to [email protected]: https://groups.google.com/a/ccadb.org/g/public/c/Iun9FqfajY8/m/iRZlJLFCAwAJ
On Tue, Jun 18, 2024 at 3:44 PM Watson Ladd <[email protected]> wrote: > Forwarded because I wasn't able to post to [email protected]: is that > supposed to be for overall public discussions? > ---------- Forwarded message --------- > From: Watson Ladd <[email protected]> > Date: Tue, Jun 18, 2024 at 3:34 PM > Subject: Revocation necessity: subjective or objective > To: public <[email protected]> > > > Hello, > > In a discussion on Bugzilla we approached the following hypothetical > scenario: > 1: A CA believes they have miss-issued a certificate > 2: They fail to revoke in 5 days > 3: They discover that in fact they issued correctly. > > My question is simple: is the failure to timely revoke a violation of > the baseline requirements? I believe it is for the following reason. A > CAs past behavior is an indication of the degree future trust that can > be put in it. How it acts in this case is evidence of how it acts with > other mississuance cases. It also seems to add a great deal of moral > luck if the reason there wasn't a problem was unknown to the CA. > Imagine that they thought DNS validation wasn't working properly, but > in fact there had been proper DNS checks working all during that time. > They would be safe by accident. I do see how one could read the BRs > otherwise, but I don't think that's as good a reading. > > Sincerely, > Watson Ladd > > -- > Astra mortemque praestare gradatim > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cma%2BV0KiDqhcpugZYnGbmxSq1b0WWta2k_VhLMZR53txA%40mail.gmail.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAEmnErdhr%2BMg4vJoiXEiBA4-aaPfu%2BxH_DREfa2qz%2BuA7BgwdA%40mail.gmail.com.
