It probably comes as no surprise to anyone in the Forum that I'm not a big fan of a blanket policy for CA discretion, much like the any other method concerns :)
Jeremy previously had a pretty good draft here, but didn't go forward with it. That's captured in https://cabforum.org/pipermail/public/2015-March/005312.html

Are there new concerns why that approach wouldn't work?

On Tue, May 2, 2017 at 7:23 PM, Ben Wilson via Public <[email protected]> wrote:

> All,
>
> Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 of
> the Baseline Requirements. To provide greater flexibility when revoking
> certificates, I am proposing that we remove the 24-hour revocation
> requirement from section 4.9.1.1 and replace it with a criteria-based
> process found in section 4.9.5. Section 4.9.5 (Time within which CA Must
> Process the Revocation Request) would read:
>
> The CA SHALL begin an investigation of the facts and circumstances related
> to a Certificate Problem Report or other revocation-related notice within
> one business day of receipt. After reviewing the facts and circumstances,
> the CA SHALL work with any entity reporting the Certificate Problem Report
> or other revocation-related notice to establish a date when the CA will
> revoke the Certificate or take whatever other appropriate action is
> warranted. The date selected by the CA SHOULD consider the following
> criteria:
>
> 1. The nature of the alleged problem (scope, context, severity, magnitude,
> risk of harm);
>
> 2. The consequences of revocation (direct and collateral impacts to
> Subscribers and Relying Parties);
>
> 3. The number of Certificate Problem Reports received about a particular
> Certificate or Subscriber;
>
> 4. The entity making the complaint (for example, a complaint from a law
> enforcement official that a Web site is engaged in illegal activities
> should carry more weight than a complaint from a consumer alleging that she
> didn’t receive the goods she ordered); and
>
> 5. Relevant legislation.
>
> Ben
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
