Hello,

In a discussion on Bugzilla we approached the following hypothetical scenario:

1: A CA believes they have mis-issued a certificate
2: They fail to revoke in 5 days
3: They discover that in fact they issued correctly.

My question is simple: is the failure to timely revoke a violation of the baseline requirements?

I believe it is for the following reason. A CA's past behavior is an indication of the degree of future trust that can be put in it. How it acts in this case is evidence of how it acts with other misissuance cases. It also seems to add a great deal of moral luck if the reason there wasn't a problem was unknown to the CA. Imagine that they thought DNS validation wasn't working properly, but in fact there had been proper DNS checks working all during that time. They would be safe by accident.

I do see how one could read the BRs otherwise, but I don't think that's as good a reading.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim
