[cabfpub] Misissuance of certificates

Rob Stradling rob.stradling at comodo.com
Wed Dec 2 11:30:12 UTC 2015


On 02/12/15 11:10, Sigbjørn Vik wrote:
<snip>
> A reworded proposal would then be e.g.:
>
> ====
> 2.2.1 Information of incorrect issuance
>
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation.
>
> public at cabforum.org SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list.
>
> The report SHALL include details about what the error was, what caused
> the error, time of issuance and discovery, and public certificates for
> all issuer certificates in the trust chain.
>
> The report SHALL contain the full public certificate,

Hi Sigbjørn.

"The report SHALL _include_ ... public certificates for all issuer
certificates in the trust chain" and "The report SHALL _contain_ the
full public certificate" seem to imply that reports cannot _reference_
other publicly accessible systems (such as https://crt.sh) that provide
this information.

Is that the intent?  (I'm hoping it isn't).

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



