Would the situation change if it was 1: A CA suspects they have miss-issued certificates but are not 100% sure about the interpretation of the regulation 2: They ask for community feedback 3: ... ?
Kind regards Roman -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Watson Ladd Sent: Mittwoch, 19. Juni 2024 00:35 To: public <[email protected]> Subject: Revocation necessity: subjective or objective Hello, In a discussion on Bugzilla we approached the following hypothetical scenario: 1: A CA believes they have miss-issued a certificate 2: They fail to revoke in 5 days 3: They discover that in fact they issued correctly. My question is simple: is the failure to timely revoke a violation of the baseline requirements? I believe it is for the following reason. A CAs past behavior is an indication of the degree future trust that can be put in it. How it acts in this case is evidence of how it acts with other mississuance cases. It also seems to add a great deal of moral luck if the reason there wasn't a problem was unknown to the CA. Imagine that they thought DNS validation wasn't working properly, but in fact there had been proper DNS checks working all during that time. They would be safe by accident. I do see how one could read the BRs otherwise, but I don't think that's as good a reading. Sincerely, Watson Ladd -- Astra mortemque praestare gradatim -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CACsn0cn-QcPo4QWgZDcmOmCHtCOmchA3wuWb9SXpk1o_Un3eBw%40mail.gmail.com. -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/ZR0P278MB0170B1AE2121700FAB11F041FACF2%40ZR0P278MB0170.CHEP278.PROD.OUTLOOK.COM.
