On 14/5/2024 6:36 PM, Inigo Barreira wrote:

I don't have any issue to discuss this at the forum plenary but the main difference between the TLS and the other cert types is the accountability these have because being in the CT logs and anyone can check/review. But, go ahead.


CT is not in the TLS BRs so they are not so much related. I also don't understand what you mean by "accountability" because all CAs are accountable for all types of publicly-trusted certificates they issue (TLS, Code Signing, S/MIME), and they all have -similar- rules for revocation.

Thanks,
Dimitris.

*From:* Public <[email protected]> *On behalf of* Dimitris Zacharopoulos (HARICA) via Public
*Sent:* Tuesday, May 14, 2024 17:28
*To:* Ben Wilson <[email protected]>
*CC:* CA/Browser Forum Public Discussion List <[email protected]>
*Subject:* Re: [cabfpub] Bergamo F2F Agenda Item

On 14/5/2024 6:08 PM, Ben Wilson wrote:

    Hi Dimitris,

    There appears to be an open slot on the F2F agenda - Wed. May 29th
    at 9:05 a.m.  I was thinking we could use that time to discuss
    revocation timelines and balancing the security provided by
    revocation with the security/stability needed to support critical
    infrastructure. In other words, we could discuss BR section 4.9.1
    and  concerns about disruption of global/national operations in
    banking/finance, transportation, government, telecommunications,
    healthcare, and other key areas where certificate revocation might
    cause key systems to fail.

    Should I put this topic in that open slot on the wiki?

    Thanks,

    Ben


Hi Ben,

I think that would be great. I assume you will be leading this session.

I think it's a great opportunity for CAs with past experience on delayed revocations to share some insight about specific challenges in the sectors you listed, and possibly add some that are missing.

FYI, public evidence for delayed revocation incidents (open and closed, based on specific tags) is available in this link <https://bugzilla.mozilla.org/buglist.cgi?f1=OP&f4=CP&v2=ca-compliance&f2=status_whiteboard&o2=allwordssubstr&component=CA%20Certificate%20Compliance&query_format=advanced&list_id=17029100&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&v3=delayed-revocation%20leaf-revocation-delay&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&o3=anywordssubstr&f3=status_whiteboard>.

Although you mentioned that this affects the BR section 4.9.1, this topic affects all Working Groups because all the WG BRs have a section 4.9.1 that is pretty much similar to the TLS BRs. With that said, I would like to ask if Members have any objections to discussing this topic as part of the Forum plenary.


Thank you,
Dimitris
CA/B Forum Chair

_______________________________________________
Public mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/public