Hmm - that does seem long. What if we keep the investigation to 24 hours and change revocation to 24 hours/2 weeks? There’s no reason for the CA to delay investigating any issue.
For transparency, what do you suggest? I left it the same as today. Perhaps state that the CA MUST reply to the certificate problem reporter about its decision within 3 days? From: Ryan Sleevi [mailto:sle...@google.com] Sent: Wednesday, August 23, 2017 1:10 PM To: Jeremy Rowley <jeremy.row...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org> Subject: Re: [cabfpub] Revocation ballot v2 To make sure I'm summarizing the meaningful change: - 7 days upon when a CA itself decides a violation (e.g. CA failing to follow its CP/CPS or the Baseline Requirements) - 14 days (up to 7 days for investigation/confirmation) for an external report of a CA violating its CP/CPS - 7 days for investigation & FINAL report - While still requiring that CAs MUST NOT exceed 7 days from that determination to revoke And not requiring any transparency for reports the CA determines are 'not valid', right? Meaning any problem reporter who feels the CA's response is inadequate must, as they do today, escalate to Application Software Suppliers. Did I properly summarize? I want to make sure I parse it right (the "MUST not" was subtle, for example, in part due to non-2119 capitalization), particularly that the CA must still revoke within a total of 14 days for externally-reported-and-confirmed issues. On Wed, Aug 23, 2017 at 2:56 PM, Jeremy Rowley via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Attached is a revised version of the revocation ballot. This leaves the revocation deadline at 24 hours for key compromise, but gives CAs a week to respond to other issues. Pretty sure I don’t need to preface where this proposal is coming from. Thoughts? Jeremy _______________________________________________ Public mailing list Public@cabforum.org <mailto:Public@cabforum.org> https://cabforum.org/mailman/listinfo/public
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public
