On Fri, Aug 2, 2024 at 5:33 AM 'Bruce Morton' via [email protected] <[email protected]> wrote: > > Hi Nick, > > Thanks for passing on the customer email, we’re following up directly there, > and as always, we’d recommend that customers directly reach out to their > account team to discuss their specific needs. > > That said, we think it would be helpful to share the different certificate > licensing models we offer and the details of each. Entrust broadly offers two > models for certificate purchase. The handling of active certificates, > including revocation, differs based on the model chosen by the customer. > > The first model is what we call “unit based” and is what most would consider > the historically traditional approach for certificate offers, where a > customer purchases a certificate for a specific term, that certificate is > paid for up front, and their license is valid through the expiration date of > the certificate. After initial issuance only limited changes are permitted to > the details of the certificate. > > The second model is what we call “subscription” or “pooling”, and this > approach allows a customer to have up to a pre-defined number of certificates > issued and active at any given time during the period of the subscription. > This approach allows customers the flexibility to issue and change > certificates as often as necessary as their needs change, including, for > example, revoking a no-longer needed certificate and issuing a new one with > new organization information or domains, with no additional charges. At the > time of renewal, customers can increase or decrease the number of > certificates that are available under their subscription. If at any time a > customer chooses to fully stop their subscription, then the license period > ends, and under the terms of the agreement we reserve the right to revoke any > unexpired certificates. > > So, depending on the model selected by the customer up front, the approach > differs on how unexpired certificates are handled upon termination, and both > are addressed in our Certificate and Signing Services Terms of Use. In > addition, it is common that terms may be custom negotiated, so the best > course of action, for any individual customer with questions, is to contact > their account representatives directly to discuss. > > We hope this provides some more context to the question here on what our > standard options and practices are. And we have an extensive customer > communications and outreach program underway to ensure that customers > understand their options and to provide uninterrupted support for their > publicly trusted TLS certificates.
Let me get this straight: you will not revoke on time when presented with a BR violation, making the excuse customers will be inconvenienced, run criticial systems yadda yadda. You will revoke gratuitously come contract renewal time, and none of the reasons listed before matter. Sincerely, Watson Ladd -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CACsn0cnU6nDKQ%3DyEONsACzZi9LCgjdgQdXdO2AM%2BxTS51utUwA%40mail.gmail.com.
