Re: Request to Include Hongkong Post Root CA 3

2019-01-16 Thread Man Ho via dev-security-policy
Thanks for all the comments. I'm preparing now to apply the relevant changes from the "Pre-production" CPS in the current CPS to clarify these concerns. Specifically, 1. correct the description of revocation process to fix the suspension and revocation issue. 2. make a statement in PREAMBLE

Re: Odp.: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)

2019-01-16 Thread Wayne Thayer via dev-security-policy
Piotr, I agree with Ryan and am awaiting your response to Ryan's questions. I am also awaiting an answer to why KIR did not report this misissuance. - Wayne On Fri, Jan 11, 2019 at 10:28 AM Ryan Sleevi wrote: > I don't think it's reasonable to push the problem to your CA software > vendor. >

RE: AlwaysOnSSL web security issues

2019-01-16 Thread Tim Hollebeek via dev-security-policy
Here's the article we published on this subject a while ago: https://www.digicert.com/blog/keeping-subscribers-safe-partner-best-practices/ -Tim > -Original Message- > From: dev-security-policy > On Behalf Of Jeremy Rowley via dev-security-policy > Sent: Thursday, January 10, 2019 4:47

Re: usareally.com and OFAC lists

2019-01-16 Thread Wayne Thayer via dev-security-policy
Thanks Matthew, you make some excellent points. I will note that section 3.1.6 of Let's Encrypt's CPS states "While ISRG will comply with U.S. law and associated legal orders,...". I am not a lawyer, so I can only presume that there is some legal provision for the situations you've described. On

Re: Do we need multiple name constraints on one certificate chain?

2019-01-16 Thread hikito437--- via dev-security-policy
Thanks Sleevi. Thanks for providing us an example of (another intermediate). Technical and name constraints seem much clearer to me now. Tuesday, January 15, 2019 1:56:58 UTC+9 Ryan Sleevi: > On Mon, Jan 14, 2019 at 11:10 AM tadahiko.ito.public--- via > dev-security-policy wrote: > > > Hi > > > > I have

Re: Do we need multiple name constraints on one certificate chain?

2019-01-16 Thread hikito437--- via dev-security-policy
Thanks Wayne. Thanks for breaking up the requirements of not having name-constraints for the 1st and 2nd intermediate. If we were not able to use name-constraints for some technical reason, we might think about that idea. Although, I believe our company does not have such a requirement, at least for now.