Hi; I hope this is the right list for these questions and discussion. Please feel free to redirect me to a more suitable venue if there should be one.
TL;DR Is it permissible for a CA to issue a certificate to a Subscriber if they know that the Subscriber cannot fulfill the warranties and acknowledgements from section 9.6.3 of the BRs, such as Subscribers who are not able to “accept” or tolerate revocation along the BR’s timelines? CONTEXT Section 9.6.3 of the TLS BRs (version 2.0.4) deals with Subscriber warranties and acknowledgments. I reproduce the preamble below, which is followed in the document by a list of such warranties and acknowledgements, with apologies for the length: *The CA SHALL require, as part of the Subscriber Agreement or Terms of Use, that the Applicant make the commitments and warranties in this section for the benefit of the CA and the Certificate Beneficiaries. Prior to the issuance of a Certificate, the CA SHALL obtain, for the express benefit of the CA and the Certificate Beneficiaries, either:* *1. The Applicant’s agreement to the Subscriber Agreement with the CA, or* *2. The Applicant’s acknowledgement of the Terms of Use.* *The CA SHALL implement a process to ensure that each Subscriber Agreement or Terms of Use is legally enforceable against the Applicant. In either case, the Agreement MUST apply to the Certificate to be issued pursuant to the certificate request. The CA MAY use an electronic or “click‐through” Agreement provided that the CA has determined that such agreements are legally enforceable. A separate Agreement MAY be used for each certificate request, or a single Agreement MAY be used to cover multiple future certificate requests and the resulting Certificates, so long as each Certificate that the CA issues to the Applicant is clearly covered by that Subscriber Agreement or Terms of Use. The Subscriber Agreement or Terms of Use MUST contain provisions imposing on the Applicant itself (or made by the Applicant on behalf of its principal or agent under a subcontractor or hosting service relationship) the following obligations and warranties:* Item 8 in the list is as follows: *8. Acknowledgment and Acceptance: An acknowledgment and acceptance that the CA is entitled to revoke the certificate immediately if the Applicant were to violate the terms of the Subscriber Agreement or Terms of Use or if revocation is required by the CA’s CP, CPS, or these Baseline Requirements.* CONCERN I draw attention to this requirement, which must be legally binding upon the Subscriber, because there have been *many* incident reports in Bugzilla describing delayed revocation caused by a Subscriber’s inability (or unwillingness to invest sufficiently) to replace a misissued certificate within the 24-hour window, or even the recently-extended 5-day window. Furthermore, the services to which these certificates are deployed are described as “critical infrastructure”, or the CA claims that revocation would be “disruptive to the web ecosystem”. From the descriptions provided by the CAs, it seems that due to the context in which the subscribers operate (government, health, banking, travel) the CAs in question *expected* that these Subscribers would not be willing to replace certificates within the well-known and agreed-to BR deadlines. By my understanding of the BRs, no CAs should be issuing certificates to Subscribers if they know that the Subscriber’s acknowledgement and acceptance of point 8 is untrue. Many CA’s CPSs also prohibit use of their certificates in contexts that may lead to loss of life, human injury, or substantial financial loss. (Surprisingly, some don’t, which I understand to mean that they warrant the certificate’s suitability for life-critical applications?) QUESTIONS What is the understanding of this group? Is it permissible for a CA to issue a certificate to a Subscriber when they know that this Subscriber does not, in fact, acknowledge and accept item 8? If CAs are to work with Subscribers to help those Subscribers tolerate immediate revocation as per the BRs, I believe that this work should happen *before* a certificate is issued, not in the wake of a misissuance. (What would happen if there were a key compromise? WebPKI is used for many important things, but I don’t think it is appropriate for contexts where loss of CA or Subscriber key material could result in intolerable consequences for society and the web.) As a minor follow-up question, would it be permissible for a CA to provide a guarantee to a Subscriber that may require the CA to violate the BRs? For example, could a CA contractually warrant to a Subscriber that the Subscriber would have 30 days to replace before revocation? Thank you for your time and consideration, and all the work you do to keep the WebPKI healthy for its primary constituents: users of the web. Mike -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CADQzZqv-6M-t0FYr0cHkzEeo-mWzVj-Db9wmEaoTU2Esy6RrWw%40mail.gmail.com.
