Should we update the BRs to disallow issuance of certificates for key pairs that have been previously reported as compromised?
I'm not aware of any CAs that currently do that check today, but it's not that difficult to do. It might be a sensible thing to add in the future. However it only works if all CAs do it, otherwise subscribers will just get their compromised key signed by a different CA. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
