Hi Rich, The CA cannot issue a replacement certificate if the Domain and/or Identity Validation reuse period has expired.
Some CAs even choose to request fresh domain validations at every issuance. DZ. Dec 19, 2024 22:24:31 Rich Salz <[email protected]>: >> I think it would be advisable for a CA operator’s mass-revocation testing >> plan to include an immediate notice to all customers whose certificates were >> randomly selected because we would want to minimize disruption to server >> operations while testing the CA’s ability to revoke and replace certificates >> promptly. >> > That's not quite the question I was asking. I said "pre-notify". Imagine a > timeline like this: > N pick enough certs randomly. Generate replacement certs for those being > revoked. > N+1 notify those customers they will be revoked ("this is a test of the > emergency broadcasting system" as it were) and that you have replacement certs > N + 1 + x Do the revocation > > Would that be valid? If not, then as a reasonably large subscriber, I think > Akamai would expect to have a cert in the mass-revocation plan, and if we > have to respond at incident speed so that our customers are not impacted by > such a test, we would probably take that into consideration about which CAs > we use. > > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAFH29trVcYUbbWCE722Qu8qECvG%3DBBS9MswpK6%2B3YVQRAhnC2A%40mail.gmail.com[https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAFH29trVcYUbbWCE722Qu8qECvG%3DBBS9MswpK6%2B3YVQRAhnC2A%40mail.gmail.com?utm_medium=email&utm_source=footer]. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/65b55a64-5c04-485b-9f4b-5eadf706bf82%40it.auth.gr.
