Good day,
consider slightly modified p. 16:
The technical content or format of the Certificate *doesn't comply with
the applicable legislation of Subject's jurisdiction or* presents an
unacceptable risk to Application Software Suppliers or Relying Parties
(e.g. the CA/Browser Forum might determine that a deprecated
cryptographic/signature algorithm or key size presents an unacceptable
risk and that such Certificates should be revoked and replaced by CAs
within a given period of time).
Thanks,
M.D.
On 5/3/2017 2:23 AM, Ben Wilson via Public wrote:
All,
Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5
of the Baseline Requirements. To provide greater flexibility when
revoking certificates, I am proposing that we remove the 24-hour
revocation requirement from section 4.9.1.1 and replace it with a
criteria-based process found in section 4.9.5. Section 4.9.5 (Time
within which CA Must Process the Revocation Request) would read:
The CA SHALL begin an investigation of the facts and circumstances
related to a Certificate Problem Report or other revocation-related
notice within one business day of receipt. After reviewing the facts
and circumstances, the CA SHALL work with any entity reporting the
Certificate Problem Report or other revocation-related notice to
establish a date when the CA will revoke the Certificate or take
whatever other appropriate action is warranted. The date selected by
the CA SHOULD consider the following criteria:
1. The nature of the alleged problem (scope, context, severity,
magnitude, risk of harm);
2. The consequences of revocation (direct and collateral impacts to
Subscribers and Relying Parties);
3. The number of Certificate Problem Reports received about a
particular Certificate or Subscriber;
4. The entity making the complaint (for example, a complaint from a
law enforcement official that a Web site is engaged in illegal
activities should carry more weight than a complaint from a consumer
alleging that she didn’t receive the goods she ordered); and
5. Relevant legislation.
Ben
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public