Thanks.

I’ll take a look at it and see about merging the two.

Ben

From: Ryan Sleevi [mailto:[email protected]]
Sent: Tuesday, May 2, 2017 5:56 PM
To: CA/Browser Forum Public Discussion List <[email protected]>
Cc: Ben Wilson <[email protected]>
Subject: Re: [cabfpub] Revocation Timeframe Ballot Language



It probably comes as no surprise to anyone in the Forum that I'm not a big fan 
of a blanket policy for CA discretion, much like the "any other method" concerns 
:)



Jeremy previously had a pretty good draft here, but didn't go forward with it. 
That's captured in https://cabforum.org/pipermail/public/2015-March/005312.html



Are there new concerns why that approach wouldn't work?



On Tue, May 2, 2017 at 7:23 PM, Ben Wilson via Public 
<[email protected]> wrote:

   All,



   Attached is a redlined Word doc containing sections 4.9.1.1 and 4.9.5 of the 
Baseline Requirements.  To provide greater flexibility when revoking 
certificates, I am proposing that we remove the 24-hour revocation requirement 
from section 4.9.1.1 and replace it with a criteria-based process found in 
section 4.9.5.  Section 4.9.5 (Time within which CA Must Process the Revocation 
Request) would read:



   The CA SHALL begin an investigation of the facts and circumstances related 
to a Certificate Problem Report or other revocation-related notice within one 
business day of receipt. After reviewing the facts and circumstances, the CA 
SHALL work with any entity reporting the Certificate Problem Report or other 
revocation-related notice to establish a date when the CA will revoke the 
Certificate or take whatever other appropriate action is warranted. The date 
selected by the CA SHOULD consider the following criteria:

   1. The nature of the alleged problem (scope, context, severity, magnitude, 
risk of harm);

   2. The consequences of revocation (direct and collateral impacts to 
Subscribers and Relying Parties);

   3. The number of Certificate Problem Reports received about a particular 
Certificate or Subscriber;

   4. The entity making the complaint (for example, a complaint from a law 
enforcement official that a Web site is engaged in illegal activities should 
carry more weight than a complaint from a consumer alleging that she didn’t 
receive the goods she ordered); and

   5. Relevant legislation.





   Ben




   _______________________________________________
   Public mailing list
   [email protected]
   https://cabforum.org/mailman/listinfo/public


