Hi Nick,

Thanks for passing on the customer email; we’re following up directly 
there, and as always, we’d recommend that customers directly reach out to 
their account team to discuss their specific needs.

That said, we think it would be helpful to share the different certificate 
licensing models we offer and the details of each. Entrust broadly offers 
two models for certificate purchase. The handling of active certificates, 
including revocation, differs based on the model chosen by the customer.

The first model is what we call “unit based” and is what most would 
consider the historically traditional approach for certificate offers, 
where a customer purchases a certificate for a specific term, that 
certificate is paid for up front, and their license is valid through the 
expiration date of the certificate. After initial issuance only limited 
changes are permitted to the details of the certificate.

The second model is what we call “subscription” or “pooling”, and this 
approach allows a customer to have up to a pre-defined number of 
certificates issued and active at any given time during the period of the 
subscription. This approach allows customers the flexibility to issue and 
change certificates as often as necessary as their needs change, including, 
for example, revoking a no-longer-needed certificate and issuing a new one 
with new organization information or domains, with no additional charges. 
At the time of renewal, customers can increase or decrease the number of 
certificates that are available under their subscription. If at any time a 
customer chooses to fully stop their subscription, then the license period 
ends, and under the terms of the agreement we reserve the right to revoke 
any unexpired certificates.

So, depending on the model selected by the customer up front, the approach 
differs on how unexpired certificates are handled upon termination, and 
both are addressed in our Certificate and Signing Services Terms of Use. In 
addition, it is common that terms may be custom negotiated, so the best 
course of action, for any individual customer with questions, is to contact 
their account representatives directly to discuss.

We hope this provides some more context to the question here on what our 
standard options and practices are. And we have an extensive customer 
communications and outreach program underway to ensure that customers 
understand their options and to provide uninterrupted support for their 
publicly trusted TLS certificates.

On Thursday, August 1, 2024 at 2:04:05 PM UTC-4 Nick France wrote:

> Last time this happened (see the thread Jonathan Doe linked to), we did 
> see this with customers looking to move to Sectigo - but it was quickly 
> remedied with Jeremy and Tim H's help. We haven't seen a problem with 
> DigiCert again since.
>
> I will say that we are now seeing the same with Entrust customers who are 
> being told that active certificates will be revoked if contracts are not 
> renewed, in clear language.
>
> I have privately sent the details of at least one customer to Bruce, and 
> hopefully he can confirm this was an error on the part of the Entrust 
> employee, or that it is indeed Entrust's policy.
>
>
> Nick
>
> On Thursday, August 1, 2024 at 1:21:58 AM UTC+1 Mike Shaver wrote:
>
>> On Wed, Jul 31, 2024 at 8:19 PM Matt Palmer <[email protected]> wrote:
>>
>>> On Wed, Jul 31, 2024 at 04:02:50PM -0700, 'Bruce Morton' via 
>>> [email protected] wrote:
>>> > Without more details about your specific situation, it’s difficult to
>>> > address your concern effectively. Please reach out to me personally, and I
>>> > will do my best to assist you.
>>>
>>> Given Entrust's perceived past (lack of) transparency in communications,
>>> it might be better if as much of this issue could be resolved in public.
>>>
>>> Can you provide any insight into why any Entrust subscriber may have
>>> gained the impression that "if we did not renew the contract, all active
>>> certificates would be revoked"?  Even if that is not Entrust's
>>> intention, the fact that a subscriber may have gotten that impression
>>> from, say, an over-zealous salesperson or poorly-worded email is very
>>> troubling.
>>
>>
>> Have to disagree here, Matt. I don’t think it will be as effective for 
>> this discussion to be redacted as it would need to be in order to be 
>> public, and still protect J Doe, and I think that we can take Bruce’s offer 
>> to investigate in good faith.
>>
>> If it becomes a pattern that’s reported more widely—and I think it would 
>> spread quickly, given the visibility of Entrust’s difficulties of late—then 
>> we might get to the point of “very troubling”. Let’s not use up all our 
>> strong language on the earliest wisps of concern. :)
>>
>> Mike
>>
>>

To view this discussion on the web visit 
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/14dbcb13-bafb-45d5-8343-b75c3efdff53n%40mozilla.org.