[cabfpub] Misissuance of certificates
Sigbjørn Vik
sigbjorn at opera.com
Fri Dec 18 07:07:44 MST 2015
Hi,
The discussion on this topic seems to have died down, I hope that means
we can proceed to a ballot. Anyone willing to endorse?
The suggested exception for constrained intermediates did not seem to
solve the problem it was intended to solve, and nobody spoke up for it,
so I have removed it. The text would then be:
2.2.1 Information of incorrect issuance
In the event that a CA issues a certificate in violation of these
requirements, the CA SHALL publicly disclose a report within one week of
becoming aware of the violation.
public at cabforum.org SHALL be informed about the report, if the CA cannot
post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
list.
The report SHALL publicize details about what the error was, what caused
the error, time of issuance and discovery, and public certificates for
all issuer certificates in the trust chain.
The report SHALL publicize the full public certificate, with the
following exception: For certificates issued prior to 01-Mar-16 the
report MAY leave out Subject Distinguished Name fields and
subjectAltName extension values.
The report SHALL be made available to the CAs Qualified Auditor for the
next Audit Report.
--
Sigbjørn Vik
Opera Software
More information about the Public
mailing list