Well, §4.9 of the CPS is about certificate revocation, and here we are discussing whether and when a CA reserves the right to revoke a "misused" certificate, whatever "misused" means (to a particular CA). So it seems to me that §4.9 - and particularly §4.9.1 (circumstances for revocation) - can be a suitable location in the CPS in which to define "misuse". But I appreciate that §1.4 is also an appropriate place. At any rate, I am not going to fight over this.

On 08/06/2018 14:51, Ryan Sleevi wrote:
I'm not sure - can you explain why you think putting it in 4.9 would be consistent with 3647?

I think the goal is to have a consistent place that all Subscribers and Relying Parties can expect things. 3647 provides for that in Section 1.4. I'm not sure why we'd want to permit and/or - that seems like it creates more work for everyone?

On Fri, Jun 8, 2018 at 8:07 AM, Adriano Santoni <[email protected]> wrote:

    More explicitly, with reference to RFC 3647, I'd suggest that a
    description of what the CA means by "misuse" (or an equivalent
    term or expression) should be found in §1.4 and/or §4.9 of the
    CA's CPS.


    On 08/06/2018 13:52, Ryan Sleevi wrote:
    Could you expand a bit more?

    One of the concerns raised by multiple browsers, but particularly
    articulated by Wayne, was that CAs are documenting things all
    over, and so it's difficult for consumers to know where it will
    be documented. Do you currently document it, and in a different
    section?

    It was an explicit goal of Ballot 217 to ensure that CAs are
    following the 3647 format, and as Moudrick highlighted, that's
    already got a dedicated section for that purpose. If you did want
    to place information in additional places, that's certainly
    possible - but it means your example 1.4.2 would say something like

    "Certificates issued under this policy shall not be used
    for hazardous environments requiring fail-safe controls,
    including without limitation, the design, construction,
    maintenance or operation of nuclear facilities, aircraft
    navigation or communication systems, air traffic control, and
    life support or weapons systems. Further, certificates issued
    under this policy may not be used for the purposes defined in
    Appendix A"

    Does that sound... reasonable?


    On Fri, Jun 8, 2018 at 7:37 AM, Adriano Santoni <[email protected]> wrote:

        I'd prefer not to restrict the sections of the CA's CP/CPS
        where the definition of "misuse" (or "misused") is to be found:

        4.9.1.1 (future)
        "4. The CA obtains evidence that the Certificate was misused,
        as defined by the CA's CP/CPS;"



        On 08/06/2018 12:54, Ryan Sleevi wrote:
        4.9.1.1 (future)
        "4. The CA obtains evidence that the Certificate was
        misused, as defined by Section 1.4.1 and 1.4.2 of the CA's
        CP/CPS;"




