[cabfpub] Misissuance of certificates

Sigbjørn Vik sigbjorn at opera.com
Tue Jan 5 15:19:03 UTC 2016


How about the following:

public at cabforum.org SHALL be informed about the report. If the CA cannot
post directly, it SHALL inform questions at cabforum.org, and the CA/B
Forum chair SHALL forward to the list.

On 05-Jan-16 16:10, Dean Coclin wrote:
> Commenting on this part: 
> 
> "public at cabforum.org  SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list."
> 
> If a CA is not a member of the forum, they won't have public list posting
> privileges and may not know the email address of the Chair/Vice Chair (they
> are not posted on our website). Hence I would suggest they email the
> "questions" list
> 
> Dean
> 
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Sigbjørn Vik
> Sent: Friday, December 18, 2015 9:08 AM
> To: public at cabforum.org
> Subject: Re: [cabfpub] Misissuance of certificates
> 
> Hi,
> 
> The discussion on this topic seems to have died down, I hope that means we
> can proceed to a ballot. Anyone willing to endorse?
> 
> The suggested exception for constrained intermediates did not seem to solve
> the problem it was intended to solve, and nobody spoke up for it, so I have
> removed it. The text would then be:
> 
> 
> 2.2.1 Information of incorrect issuance
> 
> In the event that a CA issues a certificate in violation of these
> requirements, the CA SHALL publicly disclose a report within one week of
> becoming aware of the violation.
> 
> public at cabforum.org SHALL be informed about the report, if the CA cannot
> post directly, it SHALL inform the CA/B Forum chair who SHALL inform the
> list.
> 
> The report SHALL publicize details about what the error was, what caused the
> error, time of issuance and discovery, and public certificates for all
> issuer certificates in the trust chain.
> 
> The report SHALL publicize the full public certificate, with the following
> exception: For certificates issued prior to 01-Mar-16 the report MAY leave
> out Subject Distinguished Name fields and subjectAltName extension values.
> 
> The report SHALL be made available to the CAs Qualified Auditor for the next
> Audit Report.
> 
> --
> Sigbjørn Vik
> Opera Software
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 


-- 
Sigbjørn Vik
Opera Software



More information about the Public mailing list